Toyota confirms breach after Medusa ransomware threatens to leak data

Toyota Financial Services has confirmed that it detected unauthorized access on some of its systems in Europe and Africa after Medusa ransomware claimed an attack on the company.

Toyota Financial Services (TFS), a subsidiary of Toyota Motor Corporation, is a global entity with a presence in 90% of the markets where Toyota sells its cars, providing auto financing to its customers.

Earlier today, the Medusa ransomware gang listed TFS on its data leak site on the dark web, demanding a payment of $8,000,000 to delete data allegedly stolen from the Japanese company. The threat actors gave Toyota 10 days to respond, with the option to extend the deadline for $10,000 per day.

While Toyota Finance did not confirm if data was stolen in the attack, the threat actors claim to have exfiltrated files and threaten to leak the data if a ransom is not paid.

To prove the intrusion, the hackers published sample data that includes financial documents, spreadsheets, purchase invoices, hashed account passwords, cleartext user IDs and passwords, agreements, passport scans, internal organization charts, financial performance reports, staff email addresses, and more. Medusa also provides a .TXT file with the file tree structure of all the data they claim to have stolen from Toyota's systems.

Most of the documents are in German, indicating that the hackers managed to access systems serving Toyota's operations in Central Europe.

"Toyota Financial Services Europe & Africa recently identified unauthorized activity on systems in a limited number of its locations."

"We took certain systems offline to investigate this activity and to reduce risk and have also begun working with law enforcement."

"As of now, this incident is limited to Toyota Financial Services Europe & Africa."

Regarding the status of the impacted systems and their estimated return to normal operations, the spokesperson told us that the process of bringing systems back online is already underway in most countries.

Earlier today, following Medusa's disclosure of TFS as their victim, security analyst Kevin Beaumont highlighted that the firm's German office had an internet-exposed Citrix Gateway endpoint which had not been updated since August 2023, indicating that it was vulnerable to the critical Citrix Bleed security issue.

A few days back, it was confirmed that LockBit ransomware operatives were using publicly available exploits for Citrix Bleed to achieve breaches against the Industrial and Commercial Bank of China, DP World, Allen & Overy, and Boeing.

It is possible that other ransomware groups have started to exploit Citrix Bleed, taking advantage of the massive attack surface estimated to count several thousand endpoints.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000

