Toyota has confirmed that as many as 3.1 million items of Toyota and Lexus customer data may have been breached following an attack on dealerships in Japan. While the company says that "information that may have been leaked this time does not include information on credit cards" this will come as cold comfort to customers who were already worried about security after Toyota Australia was hit by a disruptive cyber-attack in February.
What do we really know?Not a lot at this point is the most honest answer. The Toyota breach notification was published in the company newsroom yesterday and is minimalist as far as detail is concerned. It would appear from that statement that there was "unauthorized access on the network" of a number of dealerships in the Tokyo area of Japan on March 21. Up to 3.1 million pieces of customer data, stored on a server connected to that network, may have been compromised as a result. Toyota insists that no credit card data was compromised but there is no mention of what data might have been leaked. I say might as Toyota hasn't confirmed that the data was actually exfiltrated by the attackers at this stage of the investigation, rather just that it was accessed. Simon Whitburn, the global senior vice-president of cyber security services at Nominet, says it is troubling that Toyota isn't sure yet. "The ability to forensically analyze a data breach is equally as important as preventing it in the first place" Whitburn insists, adding "with so much at risk for customers, businesses cannot afford to play a guessing game about whether data was stolen."