Toyota hit by cyberattack.
Toyota suffered a major data breach at its headquarters in Japan, the company announced last Friday. Toyota said the hackers had access to sales information belonging to 3.1 million customers, and it's still investigating whether any data were exfiltrated. Toyota said the compromised servers didn't hold financial data, but haven't elaborated on what information was exposed (ZDNet). Toyota Vietnam and Toyota Thailand advised that they may have been similarly affected (Naked Security).
In February, Toyota's Australian division was hit by a cyberattack that disrupted its systems but was apparently unsuccessful in stealing data. Suspicion for that attack fell on the Vietnamese threat actor known as "OceanLotus," or "APT32." OceanLotus has been targeting car companies, allegedly in support of Vietnam's efforts to build a domestic automobile industry (CyberScoop). Blackberry Cylance published a report Tuesday detailing how OceanLotus uses steganography to deliver a malware loader via a .png image file.
Very few details have been released about Toyota's latest breach, but some observers theorize that the attack against Toyota Australia gave the hackers a foothold inside the company's wider networks. Others looking at the incidents wonder if the internal investigation following the February hack led the company to discover additional breaches (ZDNet). Toyota has been tight-lipped on the matter.