{ "id": "e70672cc-c8b3-455a-bf7a-ed6d9f46d3c0", "created_at": "2026-04-06T00:13:35.129074Z", "updated_at": "2026-04-10T13:12:43.510646Z", "deleted_at": null, "sha1_hash": "d9a87ebf537c2958581424784ee43bb246c405cc", "title": "Toyota announces second security breach in the last five weeks", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 1096447, "plain_text": "Toyota announces second security breach in the last five weeks\r\nBy Written by Catalin Cimpanu, ContributorContributor March 29, 2019 at 5:37 a.m. PT\r\nArchived: 2026-04-05 14:59:54 UTC\r\nJapanese car maker Toyota announced its second data breach today, making it the second cyber-security incident\r\nthe company acknowledged in the past five weeks.\r\nSecurity\r\nWhile the first incident took place at its Australian subsidiary, today's breach was announced by the company's\r\nmain offices in Japan.\r\nToyota and Lexus car owners data at risk\r\nThe company said hackers breached its IT systems and accessed data belonging to several sales subsidiaries.\r\nThe list includes Toyota Tokyo Sales Holdings, Tokyo Tokyo Motor, Tokyo Toyopet, Toyota Tokyo Corolla, Nets\r\nToyota Tokyo, Lexus Koishikawa Sales, Jamil Shoji (Lexus Nerima), and Toyota West Tokyo Corolla.\r\nToyota said the servers that hackers accessed stored sales information on up to 3.1 million customers. The\r\ncarmaker said there's an ongoing investigation to find out if hackers exfiltrated any of the data they had access to.\r\nCustomer financial details were not stored on the hacked servers, Toyota said. However, the company didn't say\r\nwhat type of info hackers might have accessed either.\r\nhttps://www.zdnet.com/article/toyota-announces-second-security-breach-in-the-last-five-weeks/\r\nPage 1 of 3\n\n\"We apologize to everyone who has been using Toyota and Lexus vehicles for the great concern,\" a Toyota\r\nspokesperson said today in a message to the press.\r\n\"We take this situation seriously, and will thoroughly implement information security measures at dealers and the\r\nentire Toyota Group.\"\r\nAPT32?\r\nThis is the second cyber-security the company has announced this year, after disclosing a similar incident in late\r\nFebruary, but affecting its Australian branch.\r\nThe attack on its Australian office was more disruptive in nature, bringing down Toyota Australia's ability to\r\nhandle sales and deliver new cars, and has been attributed by some industry experts to APT32 (OceanLotus), a\r\nVietnamese cyber-espionage unit with a known focus on the automotive industry.\r\nExperts suggested that APT32 hackers might have targeted Toyota's Australia branch as a way to get into Toyota's\r\nmore secure central network in Japan.\r\nAt the time, Toyota declined to confirm any of these theories and attribute the attack to APT32 hackers.\r\nHowever, the company did say that it would start an internal audit of its IT systems following the attack on its\r\nAustralian branch, and today's announcement only pours fuel on the APT32 theories.\r\nThe scope and scale of #APT32's 🇻🇳 activity remains largely unchanged from:\r\nhttps://t.co/ktit15l0si\r\n\"Since at least 2014, FireEye has observed APT32 targeting foreign corporations with a\r\nvested interest in Vietnam’s manufacturing, consumer products, and hospitality sectors.\"\r\n— Nick Carr (@ItsReallyNick) March 14, 2019\r\nUpdated on March 30: On the same day that Toyota Japan announced its data breach, Toyota Vietnam and\r\nToyota Thailand also announced cyber-security incidents, albeit without any details about the hacks and if they're\r\nconnected to the Toyota Japan incident.\r\nTop vehicle hacking examples (in pictures)\r\nMore data breach coverage:\r\nCompanies are leaking sensitive files via Box accounts\r\nNokia firmware blunder sent some user data to China\r\n'Yelp for conservatives' MAGA app leaks users data\r\nDatabase leaks 250K legal documents, some marked 'not designated for publication'\r\nFEMA 'unnecessarily' shared data of 2.3 million disaster victims with contractor\r\nCryptocurrency platforms DragonEx and CoinBene disclose hacks\r\nFacebook passwords by the hundreds of millions sat exposed in plain text CNET\r\nFacebook data privacy scandal: A cheat sheet TechRepublic\r\nhttps://www.zdnet.com/article/toyota-announces-second-security-breach-in-the-last-five-weeks/\r\nPage 2 of 3\n\nSource: https://www.zdnet.com/article/toyota-announces-second-security-breach-in-the-last-five-weeks/\r\nhttps://www.zdnet.com/article/toyota-announces-second-security-breach-in-the-last-five-weeks/\r\nPage 3 of 3", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://www.zdnet.com/article/toyota-announces-second-security-breach-in-the-last-five-weeks/" ], "report_names": [ "toyota-announces-second-security-breach-in-the-last-five-weeks" ], "threat_actors": [ { "id": "af509bbb-8d18-4903-a9bd-9e94099c6b30", "created_at": "2023-01-06T13:46:38.585525Z", "updated_at": "2026-04-10T02:00:03.030833Z", "deleted_at": null, "main_name": "APT32", "aliases": [ "OceanLotus", "ATK17", "G0050", "APT-C-00", "APT-32", "Canvas Cyclone", "SeaLotus", "Ocean Buffalo", "OceanLotus Group", "Cobalt Kitty", "Sea Lotus", "APT 32", "POND LOACH", "TIN WOODLAWN", "Ocean Lotus" ], "source_name": "MISPGALAXY:APT32", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "3f42c8f4-2cf1-4555-abff-b19852033aec", "created_at": "2023-11-08T02:00:07.099084Z", "updated_at": "2026-04-10T02:00:03.41336Z", "deleted_at": null, "main_name": "TA499", "aliases": [ "Vovan", "Lexus" ], "source_name": "MISPGALAXY:TA499", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "870f6f62-84f5-48ca-a18e-cf2902cd6924", "created_at": "2022-10-25T15:50:23.303818Z", "updated_at": "2026-04-10T02:00:05.301184Z", "deleted_at": null, "main_name": "APT32", "aliases": [ "APT32", "SeaLotus", "OceanLotus", "APT-C-00", "Canvas Cyclone" ], "source_name": "MITRE:APT32", "tools": [ "Mimikatz", "ipconfig", "Kerrdown", "Cobalt Strike", "SOUNDBITE", "OSX_OCEANLOTUS.D", "KOMPROGO", "netsh", "RotaJakiro", "PHOREAL", "Arp", "Denis", "Goopy" ], "source_id": "MITRE", "reports": null }, { "id": "5da6b5fd-1955-412a-81aa-069fb50b6e31", "created_at": "2025-08-07T02:03:25.116085Z", "updated_at": "2026-04-10T02:00:03.668978Z", "deleted_at": null, "main_name": "TIN WOODLAWN", "aliases": [ "APT32 ", "Cobalt Kitty", "OceanLotus", "WOODLAWN " ], "source_name": "Secureworks:TIN WOODLAWN", "tools": [ "Cobalt Strike", "Denis", "Goopy", "JEShell", "KerrDown", "Mimikatz", "Ratsnif", "Remy", "Rizzo", "RolandRAT" ], "source_id": "Secureworks", "reports": null }, { "id": "2439ad53-39cc-4fff-8fdf-4028d65803c0", "created_at": "2022-10-25T16:07:23.353204Z", "updated_at": "2026-04-10T02:00:04.55407Z", "deleted_at": null, "main_name": "APT 32", "aliases": [ "APT 32", "APT-C-00", "APT-LY-100", "ATK 17", "G0050", "Lotus Bane", "Ocean Buffalo", "OceanLotus", "Operation Cobalt Kitty", "Operation PhantomLance", "Pond Loach", "SeaLotus", "SectorF01", "Tin Woodlawn" ], "source_name": "ETDA:APT 32", "tools": [ "Agentemis", "Android.Backdoor.736.origin", "AtNow", "Backdoor.MacOS.OCEANLOTUS.F", "BadCake", "CACTUSTORCH", "CamCapture Plugin", "CinaRAT", "Cobalt Strike", "CobaltStrike", "Cuegoe", "DKMC", "Denis", "Goopy", "HiddenLotus", "KOMPROGO", "KerrDown", "METALJACK", "MSFvenom", "Mimikatz", "Nishang", "OSX_OCEANLOTUS.D", "OceanLotus", "PHOREAL", "PWNDROID1", "PhantomLance", "PowerSploit", "Quasar RAT", "QuasarRAT", "RatSnif", "Remy", "Remy RAT", "Rizzo", "Roland", "Roland RAT", "SOUNDBITE", "Salgorea", "Splinter RAT", "Terracotta VPN", "Yggdrasil", "cobeacon", "denesRAT", "fingerprintjs2" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434415, "ts_updated_at": 1775826763, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/d9a87ebf537c2958581424784ee43bb246c405cc.pdf", "text": "https://archive.orkl.eu/d9a87ebf537c2958581424784ee43bb246c405cc.txt", "img": "https://archive.orkl.eu/d9a87ebf537c2958581424784ee43bb246c405cc.jpg" } }