{
	"id": "e35896f9-e37c-409f-8e46-59be9b39d46d",
	"created_at": "2026-04-06T00:17:33.545664Z",
	"updated_at": "2026-04-10T03:33:23.816444Z",
	"deleted_at": null,
	"sha1_hash": "f8f8906628dc77695c31f1ccb272805da76245dd",
	"title": "Toyota alleges stolen customer data published on hacking site came from outside supplier - SiliconANGLE",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 65375,
	"plain_text": "Toyota alleges stolen customer data published on hacking site came\r\nfrom outside supplier - SiliconANGLE\r\nBy by Duncan Riley\r\nPublished: 2024-08-21 · Archived: 2026-04-05 14:45:31 UTC\r\nToyota alleges stolen customer data published on hacking site came from outside supplier\r\nData relating to customers of Toyota Motor Co. has been shared online in yet another case involving the Japanese\r\ncar maker and a data breach, but Toyota is claiming that the data came from a third-party supplier and that it was\r\nnot directly breached.\r\nThe latest breach involving Toyota came to light after a threat actor called ZeroSevenGroup shared 240 gigabytes\r\nof data claimed to have been stolen from Toyota on the infamous hacking site BreachForums. The threat actor\r\nclaimed to have breached Toyota’s U.S. branch to steal employee and customer data, contract and financial\r\ninformation and network infrastructure information, including credentials.\r\n“We have hacked a branch in United States to one of the biggest automotive manufacturer in the world\r\n(TOYOTA). We are really glad to share the files with you here for free. The data size: 240 GB,” ZeroSevenGroup\r\nwrote. “Contents: Everything like Contacts, Finance, Customers, Schemes, Employees, Photos, DBs, Network\r\ninfrastructure, Emails, and a lot of perfect data. We also offer you AD-Recon for all the target network with\r\npasswords.”\r\nBleeping Computer reported Monday that the files were stolen or at least created on Dec. 25, 2022, indicating the\r\ndate the threat actor may have gained access to a backup server where the data was stored.\r\nThough some reports are taking the word of ZeroSevenGroup that it hacked Toyota, the company claims it was\r\nnot hacked.  “Toyota Motor North America was not the subject of this activity,” the spokesperson from Toyota\r\ntold several media outlets. “Contrary to what has been reported, our systems were not breached or compromised,”\r\nadding that the hacked data “appears related to a third-party entity that is misrepresented as Toyota.”\r\nWho the third-party entity is was not disclosed by Toyota and Toyota did not deny that the data related to its\r\ncustomers.\r\nThough it’s fair to give Toyota the benefit of the doubt here, jumping to the conclusion that Toyota may have been\r\nhacked directly is perhaps understandable, given the company’s extensive history of data breaches.\r\nhttps://siliconangle.com/2024/08/20/toyota-alleges-stolen-customer-data-published-hacking-site-came-outside-supplier/\r\nPage 1 of 3\n\nAlong with the German arm of Toyota’s financial services branch being hacked late last year, previous Toyota-related breaches include a security researcher revealing that he had gained access to Toyota’s Global Supplier\r\nPreparation Information Management System in February 2023. Some 300,000 customers potentially had their\r\ndata stolen it Toyota left access key on GitHub in October 2022. The same month, data was also stolen from\r\nDenso Corp., a global automotive manufacturer based in Japan that’s 25% owned by Toyota.\r\nIn March 2022, Toyota was forced to halt manufacturing operations at all of its plants in Japan after a cyberattack\r\nstruck Kojima Industries Corp. And 3.1 million customers were affected when Toyota Motor North America was\r\nhacked in 2019.\r\nDr. Howard Goodman, technical director at enterprise cybersecurity solutions provider Skybox Security Inc., told\r\nSiliconANGLE that this latest breach underscores the growing sophistication of threat actors that exploit\r\nvulnerabilities within critical infrastructures.\r\n“This breach serves as a stark reminder that traditional cybersecurity measures are no longer sufficient in\r\nisolation,” Goodman said. “Organizations must adopt a comprehensive, multilayered cybersecurity strategy that\r\nincorporates cyberthreat exposure management and attack path analysis to proactively identify and mitigate\r\npotential threats before they can be exploited.”\r\nImage: SiliconANGLE/Ideogram\r\nA message from John Furrier, co-founder of SiliconANGLE:\r\nSupport our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s\r\nAlumni Trust Network, where technology leaders connect, share intelligence and create opportunities.\r\n15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more\r\n11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future\r\nthrough a unique trusted-based network.\r\nAbout SiliconANGLE Media\r\nSiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology,\r\nstrategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE\r\nNetwork, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in\r\nSilicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media,\r\ntechnology and AI.\r\nFounded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic\r\necosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new\r\nproprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com\r\nneural network to help technology companies make data-driven decisions and stay at the forefront of industry\r\nconversations.\r\nhttps://siliconangle.com/2024/08/20/toyota-alleges-stolen-customer-data-published-hacking-site-came-outside-supplier/\r\nPage 2 of 3\n\nSource: https://siliconangle.com/2024/08/20/toyota-alleges-stolen-customer-data-published-hacking-site-came-outside-supplier/\r\nhttps://siliconangle.com/2024/08/20/toyota-alleges-stolen-customer-data-published-hacking-site-came-outside-supplier/\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY",
		"Malpedia"
	],
	"references": [
		"https://siliconangle.com/2024/08/20/toyota-alleges-stolen-customer-data-published-hacking-site-came-outside-supplier/"
	],
	"report_names": [
		"toyota-alleges-stolen-customer-data-published-hacking-site-came-outside-supplier"
	],
	"threat_actors": [
		{
			"id": "9de1979b-40fc-44dc-855d-193edda4f3b8",
			"created_at": "2025-08-07T02:03:24.92723Z",
			"updated_at": "2026-04-10T02:00:03.755516Z",
			"deleted_at": null,
			"main_name": "GOLD LOCUST",
			"aliases": [
				"Anunak",
				"Carbanak",
				"Carbon Spider ",
				"FIN7 ",
				"Silicon "
			],
			"source_name": "Secureworks:GOLD LOCUST",
			"tools": [
				"Carbanak"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "cfdd35af-bd12-4c03-8737-08fca638346d",
			"created_at": "2022-10-25T16:07:24.165595Z",
			"updated_at": "2026-04-10T02:00:04.887031Z",
			"deleted_at": null,
			"main_name": "Sea Turtle",
			"aliases": [
				"Cosmic Wolf",
				"Marbled Dust",
				"Silicon",
				"Teal Kurma",
				"UNC1326"
			],
			"source_name": "ETDA:Sea Turtle",
			"tools": [
				"Drupalgeddon"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "33ae2a40-02cd-4dba-8461-d0a50e75578b",
			"created_at": "2023-01-06T13:46:38.947314Z",
			"updated_at": "2026-04-10T02:00:03.155091Z",
			"deleted_at": null,
			"main_name": "Sea Turtle",
			"aliases": [
				"UNC1326",
				"COSMIC WOLF",
				"Marbled Dust",
				"SILICON",
				"Teal Kurma"
			],
			"source_name": "MISPGALAXY:Sea Turtle",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "62b1b01f-168d-42db-afa1-29d794abc25f",
			"created_at": "2025-04-23T02:00:55.22426Z",
			"updated_at": "2026-04-10T02:00:05.358041Z",
			"deleted_at": null,
			"main_name": "Sea Turtle",
			"aliases": [
				"Sea Turtle",
				"Teal Kurma",
				"Marbled Dust",
				"Cosmic Wolf",
				"SILICON"
			],
			"source_name": "MITRE:Sea Turtle",
			"tools": [
				"SnappyTCP"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "15f0b90a-facf-411c-b24b-60da73d2cdd0",
			"created_at": "2024-09-20T02:00:04.573167Z",
			"updated_at": "2026-04-10T02:00:03.693676Z",
			"deleted_at": null,
			"main_name": "ZeroSevenGroup",
			"aliases": [],
			"source_name": "MISPGALAXY:ZeroSevenGroup",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434653,
	"ts_updated_at": 1775792003,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f8f8906628dc77695c31f1ccb272805da76245dd.pdf",
		"text": "https://archive.orkl.eu/f8f8906628dc77695c31f1ccb272805da76245dd.txt",
		"img": "https://archive.orkl.eu/f8f8906628dc77695c31f1ccb272805da76245dd.jpg"
	}
}