TFS, a subsidiary of the renowned Toyota Motor Corporation, is a global financial powerhouse that extends its operations to an astounding 90% of the markets where Toyota vehicles are sold. It is very important because it helps Toyota's many customers get car loans, but recent events have caused the company's reputation to suffer.

The Unfortunate Data Breach

Just last month, TFS confirmed the detection of unauthorized access to some of its systems in Europe and Africa. A huge number of people and their private information may have been lost or stolen because of the hack.

According to BleepingComputer report, in a brazen move the threat actors behind Medusa Ransomware demanded a staggering payment of $8,000,000 to delete the stolen data and issued Toyota a tight 10-day deadline to respond to their blackmail. This scenario was already very bad, and the ransom demand made it even worse.

Containment Efforts and Customer Impact

In response to the breach, Toyota took swift action by temporarily shutting down certain systems to contain the intrusion. But the steps that were taken affected customer service and made people more worried who count on TFS for car loans.

As of the latest updates, it appears that Toyota has not engaged in negotiations with the cybercriminals. Disturbingly, all the stolen data has been made public on Medusa's extortion portal on the dark web, further jeopardizing the privacy and security of affected individuals.

This breach isn't limited to Toyota's core operations; it has also affected subsidiary divisions. In Germany, Toyota Kreditbank GmbH confirmed that hackers gained unauthorized access to customers' personal data.

READ MORE: TESLA Gears Up for Cybertruck Delivery Reintroduces a Clause in Its Purchase Agreement

The Culprit

As reported in TechRadar Pro, the data breach involving Toyota Financial Services (TFS) has been attributed to the Medusa Ransomware group. Medusa Ransomware has added TFS to its list of sites where sensitive data can be found. It says it has stolen a lot of different kinds of sensitive data, such as financial papers, purchase invoices, user IDs and passwords, passport scans, and more.

There are a lot of German papers in this data, which suggests that the breach may have been aimed at a company in central Europe. The ransom demand is a staggering million, with a 10-day deadline for TFS to decide whether to pay. There is also an option to extend the deadline for a daily fee of ,000. Currently, it remains uncertain whether TFS will consider making the payment.

The company temporarily switched off some systems so that they could look into the attack and lessen the chance that things would get worse, the spokesperson added. "At present, the impact of this incident is confined to Toyota Financial Services Europe & Africa."

Furthermore, Gigazine reported that security expert Kevin Beaumont noted that the German branch of Toyota Financial Services has an internet-exposed Citrix Gateway endpoint that has not received updates since August 2023 and is afflicted with significant vulnerabilities. This makes it susceptible to specific Citrix Bleeds exploits.

To demonstrate their theft of data from Toyota Financial Services, Medusa presented the company's financial records, spreadsheets, purchase invoices, encrypted account passwords, unencrypted user IDs and passwords, agreements, and passport information.

They have made public a sample of this data, which includes scans, internal organizational charts, financial performance reports, and employee email addresses. Medusa has also disclosed a text file outlining the structure of the data taken from Toyota Financial Services.

RELATED ARTICLE: Toyota and Rival BYD Collaborate on Electric Sports Crossover Set to Debut in 2025

Copyright @ MOTORTIMES, All rights reserved. Do not reproduce without permission.