After the Medusa Group's successful attack and data theft on Toyota Financial Services (TFS), the group demanded $8 million to delete the data. Since Toyota didn't pay, all the data is now available on the darknet.
The attack on Toyota Financial Services Europe & Africa (TFS) took place on November 14.11.2023, XNUMX. Shortly thereafter, TFS released a notice that all networks had been shut down as a precautionary measure due to unauthorized activity on the systems.
Blackmail countdown has expired
🔎 After the countdown expired and the ransom was not paid, the Medusa Group placed the data stolen from Toyota Financial Services on the darknet (Image: B2B-CS).
Shortly after the report by TFS, the Medusa Group published a note on its leak page that Toyota Financial Services (TFS) has been successfully attacked and is now demanding a ransom of $8 millionto delete the data. The countdown has been over for some time now, but the data has now been placed on the dark web. File samples show many tables and letters in small screenshots.
Now TFS has also reacted and sent a letter to all affected customers informing them of the data loss. There TFS writes: “…we would like to inform you about an incident involving your personal data, What happened? After we, Toyota Kreditbank GmbH (“TKG”) noticed unusual activity on our network, we immediately initiated an internal investigation into the incident, which we are conducting with the support of a leading cybersecurity company. “In the course of the ongoing investigations, we have found evidence that an unauthorized party has gained access to certain TKG files...According to the current state of knowledge, this information also includes personal data relating to you.”
Informed customers about data loss
“Which personal data is affected? According to the current status of the investigation, your last name, first name, the postal code of your place of residence and possibly other contract information such as the contract amount, any dunning status and your IBAN (International Bank Account Number) are affected..."
According to various media, TFS was unable to collect any leasing or loan installments and now has some work to do. At least Toyota is also continuing the trend of not paying in the event of blackmail. More and more companies are taking this route. After all, every unpaid Bitcoin is less money for further attacks. There are now even voices in the USA that want to legally ban paying a ransom.
More at Toyota.eu