Toyota and Lexus dealers hacked: leaving customers at risk – What you need to do now



[ad_1]

<div _ngcontent-c14 = "" innerhtml = "

ASSOCIATED PRESS

Toyota has confirmed that nearly 3.1 million pieces of customer data Toyota and Lexus may have been violated as a result of an attack on dealers in Japan. While the company says that "the information that may have been leaked this time does not include credit card information" This will come as a comfort to customers who were already worried about the security after Toyota Australia hit by a disruptive cyberattack in February.

What do we really know?

Not much at this stage is the most honest answer. Toyota's offense notice was published in the company's press room yesterday and is minimalist in regards to the details. It would appear from this statement that there was "unauthorized access to the network" number of concessions in the Tokyo area, Japan, on March 21st. This could have compromised up to 3.1 million customer data stored on a server connected to this network. Toyota insists that no credit card data has been compromised, but there is no mention of any data that could have been disclosed. I may say that Toyota did not confirm that the data had been exfiltrated by the attackers at this stage of the investigation, but simply that they were consulted. Simon Whitburn, First Vice President of Cybersecurity Services at Nominet, says it's unsettling that Toyota is not sure yet. "The ability to scientifically badyze a data breach is just as important as preventing it in the first place" Whitburn insists on adding "with so many risks to customers, companies can not afford to guess whether data was stolen. "

Is this attack related to the Australian attack?

ZDNet has reported some security badysts have at least attributed the Australian attack to the Vietnamese cyber-espionage unit known as APT32 (OceanLotus). Risky business Podcast suggested that the Australian attack could have been used by APT32 as a stepping stone to access the Japanese core network considered more secure. Although all this is speculation, Simon Whitburn says that "it is thought that the central systems in Japan were used because of weaknesses in the Australian system, which clearly means that the network architecture is not secure. "

What should you do now?

If you own a Toyota or Lexus vehicle, you are probably wondering if this dealer network violation in Japan could affect you. Since it seems that the attackers were able to access the central network of Toyota, it is a legitimate concern. Tim Mackey, Senior Technical Evangelist at Synopsys, agrees. "Current and former owners of Toyota vehicles should be worried about this violation," he says, adding "attackers who potentially have access to sales records, this data is an ideal profile from which to launch a spear-like attack. phishing. "

As with any such violation, it is important that Toyota and Lexus owners pay even more attention when they receive communications that are supposed to come from Toyota in the weeks and months to come. "This includes emails and phone messages" Warns Mackey "as likely all sales data obtained in this attack would include the details of the purchase made." Make an extra effort to confirm the legitimacy of any communication, which means do not click on the links included in an e-mail but use your browser to access Toyota's technical support with a known website address. Similarly, do not give out any information by phone or SMS, but hang up and call the phone number you already have for your dealer and who will be able to put you in touch with the right people.

">

Toyota has confirmed that nearly 3.1 million pieces of customer data Toyota and Lexus may have been violated as a result of an attack on dealers in Japan. Although the company claims that "the information that could have been disclosed this time does not include credit card information", customers already worried about safety feel rebadured, after Toyota Australia has been affected by a disruptive cyberattack in February.

What do we really know?

Not much at this stage is the most honest answer. Toyota's offense notice was published in the company's press room yesterday and is minimalist in regards to the details. It follows from this statement that there was "unauthorized access to the network" from a number of dealers in the Tokyo area in Japan on March 21st. Up to 3.1 million client data stored on a server connected to this network may have been compromised accordingly. Toyota insists that no credit card data has been compromised, but there is no mention of any data that could have been disclosed. I may say that Toyota did not confirm that the data had been exfiltrated by the attackers at this stage of the investigation, but simply that they were consulted. Simon Whitburn, First Vice President of Cybersecurity Services at Nominet, says it's unsettling that Toyota is not sure yet. "The ability to scientifically badyze a data breach is just as important as preventing it," says Whitburn, adding, "with so many risks for customers, companies can not afford to guess whether data was stolen ".

Is this attack related to the Australian attack?

ZDNet reported that the Australian attack was attributed, by some security badysts, to the Vietnamese cyber-espionage unit known as APT32 (OceanLotus). The Risky Business podcast hinted that the Australian attack could have been used by APT32 as a stepping stone to access the Japanese core network considered more secure. While all this is speculation, Simon Whitburn said that "it is thought that the central systems in Japan have been accessed due to weaknesses of the Australian system, which means that the network architecture does not exist. Is clearly not secure ".

What should you do now?

If you own a Toyota or Lexus vehicle, you are probably wondering if this dealer network violation in Japan could affect you. Since it seems that the attackers were able to access the central network of Toyota, it is a legitimate concern. Tim Mackey, Senior Technical Evangelist at Synopsys, agrees. "Current owners and former owners of Toyota vehicles should be concerned about this violation," he said, adding that "attackers potentially having access to sales records, these data provide an ideal profile from which to launch a spear phishing attack ".

As with any such violation, it is important that Toyota and Lexus owners pay even more attention when they receive communications that are supposed to come from Toyota in the weeks and months to come. "This would include both emails and phone messages" Mackey warns "probably that any sales data obtained during this attack would include the details of the purchase made." Make an extra effort to confirm the legitimacy of any communication, which means do not click on the links included in an e-mail but use your browser to access Toyota's technical support with a known website address. Similarly, do not give out any information by phone or SMS, but hang up and call the phone number you already have for your dealer and who will be able to put you in touch with the right people.

[ad_2]
Source link