Data leak
β Supply Chain
Toyota 240GB Data Leak
Primary Source βIncident Details
Toyota confirmed a data breach in August 2024 after threat actor ZeroSevenGroup posted 240 GB of data on a hacking forum. Data included employee and customer PII, contracts, financial records, network infrastructure details, and database credentials. Toyota said the breach was limited to a third-party contractor and did not affect Toyota systems broadly. Separate from the 2023 cloud misconfiguration exposing 2.15 million customers’ vehicle location data.
Technical Details
- Initial Attack Vector
- Unauthorized access to a third-party contractor's environment; 240 GB of Toyota internal data surfaced on a hacking forum in August 2024, believed stolen as far back as December 2022
- Supply Chain Attack
- β Confirmed third-party / vendor compromise
Timeline
- 2022-12-25 Breach occurred
- 2024-08-01 Publicly disclosed
- 2024-08-01 Customers notified