Toyota warns data breach may have exposed customer financial information

Now, the company has been informing customers that their data has been affected, with letters being sent to some German customers.

Toyota ransomware attack breached personal data

At the time, Toyota Financial Services was told that it could cough up $8 million to have the ransomware group delete the stolen files, or extend this deadline for the sum of $10,000 per day.

It now appears that Toyota did not give in to the group’s demands, and customer data has since been spotted for sale on Medusa’s website.

A letter to German customers (translated to English using Google Translate) seen by German news outlet Heise reads: “According to the current status of the investigation, your last name, first name, the postcode of your place of residence and possibly other contact information… are affected.”

Other data may include financial details, including contract amount and IBAN. Should Toyota’s investigation, which is still underway with a “leading” cybersecurity company, reveal any more high-risk data that has been leaked, the company promises to issue further notices.

Heise also noted that customer payments and vehicle deliveries saw a service interruption as a result of the attack, but that services were being restored from December 1.

A Toyota spokesperson told TechRadar Pro in an email that Toyota Financial Services is "working closely with law enforcement" and that the investigation is still ongoing, but for now, the company believes that only German customer data was affected. German customers have been informed "in line with all legal and data protection requirements."

Toyota declined to comment on whether it had paid the ransom fee.

More from TechRadar Pro

• Concerned your data may have been caught up in a breach? Check out the best identity theft protection
• Use the best firewalls and the best endpoint protection for a handy cybersecurity boost
• Toyota suffered a major outage after its servers ran out of storage