For the second time in five weeks, Toyota has acknowledged a breach – this one affecting 3.1 million customers at its subsidiaries while the first was in Australia and believed to be the work of Ocean Lotus, or APT32.
The company isn’t yet sure if the hackers nicked any data from its systems but said customers of subsidiaries, including , Lexus Koishikawa Sales, Lexus Nerima, Toyota Tokyo Sales Holdings, Toyota West Tokyo Corolla, Toyota Tokyo Corolla and Tokyo Tokyo Motor were among those that could be affected.
“I expect that Toyota’s Japanese customers are collateral damage in an attempt to steal Toyota’s intellectual property,” said Lucy Security CEO Colin Bastable. “Toyota’s response, saying that they will implement additional security measures, reminds me of the recent Airbus attack and their similar remedial approach to cybersecurity.”
While large companies can expect to be the target of hackers and Toyota has claimed to be “taking this incident seriously,” DivvyCloud CTO Chris DeRamus said the automaker should have had “security tools and plans in place already to proactively avoid cyberattacks in the first place.” Calling data “the new oil in our digital era,” DeRamus stressed “companies should be doing everything they can to protect it.”
The two hacks in quick succession highlight a deeper problem with visibility across the company’s networks. “Toyota’s recent data breaches highlight the fact that global enterprises do not have ample visibility into their massive networks and infrastructure, and therefore are not able to take proper actions to avoid data leaks,” said Jonathan Bensen, CISO and senior director of product management at Balbix, adding that Toyota could suffer reputational damage as a result.
“Any breach of personal identifiable information (PII) is reason enough for customers to be alarmed,” said Bensen, noting that not just data but rather trust gets breached in a hack. “Suffering multiple security incidents within such a short time frame can significantly affect company reputation.”
That is particularly so in Japan, a society built on trust, said Bastable.
That the company doesn’t know what data was affected, or whether any had been nabbed by hackers, is “troubling,” said Simon Whitburn, global senior vice president of cybersecurity services at Nominet, who added that Toyota should thoroughly review its security systems to identify any weaknesses. “It is thought that the central systems in Japan were accessed through weaknesses in the Australian system, meaning that clearly the network architecture is not secure.”
But Tim Erlin, vice president of product management and strategy at Tripwire, said it’s too early to say whether the two incidents are related, until Toyota’s investigation turns up additional details on the methods and tools the hackers used. “But it’s difficult to say definitively that they are not without more information.”