Toyota Confirms Breach After Medusa Ransomware Threatens to Leak Data

Toyota Financial Services (TFS) has confirmed that it detected unauthorized access on some of its systems in Europe and Africa after Medusa ransomware claimed an attack on the company.

Toyota Financial Services, a subsidiary of Toyota Motor Corporation, is a global entity with a presence in 90% of the markets where Toyota sells its cars, providing auto financing to its customers.

Related: Toyota Supplier Denso Under a Ransomware Attack

The Medusa ransomware gang listed TFS to its data leak site on the dark web, demanding a payment of $8,000,000 to delete data allegedly stolen from the Japanese company. The threat actors gave Toyota 10 days to respond, with the option to extend the deadline for $10,000 per day. While Toyota Finance did not confirm if data was stolen in the attack, the threat actors claim to have exfiltrated files and threatened that the data will be leaked if a ransom is not paid.


To prove the intrusion, the hackers published sample data that includes financial documents, spreadsheets, purchase invoices, hashed account passwords, cleartext user IDs and passwords, agreements, passport scans, internal organization charts, financial performance reports, staff email addresses, and more.

Related: Toyota Halts All Plants in Japan Due to Production Glitch

Medusa also provides a .txt file with the file tree structure of all the data they claim to have stolen from Toyota’s systems. Most of the documents are in German, indicating that the hackers managed to access systems serving Toyota’s operations in Central Europe. Responding to the situation, a TFS spokesperson said:

“Toyota Financial Services Europe & Africa recently identified unauthorized activity on systems in a limited number of its locations.”

“We took certain systems offline to investigate this activity and to reduce risk and have also begun working with law enforcement.”

“As of now, this incident is limited to Toyota Financial Services Europe & Africa.”

Regarding the status of the impacted systems and their estimated return to normal operations, the spokesperson said the process of bringing systems back online is already underway in most countries.

Source: Bleeping Computer

Notify of
Inline Feedbacks
View all comments