Cyber Incident Victim: Toyota
Date: Feb 2019
Location: Japan
Summary
A cybersecurity breach impacted multiple Toyota and Lexus sales subsidiaries, potentially exposing personal information of approximately 3.1 million customers, though credit card data was unaffected. The company did not confirm data exfiltration but prioritized investigations and security measures. This incident followed an earlier attack affecting Australian dealership operations, causing parts supply disruptions and service delays. Security analysts attributed the coordinated intrusions to the Vietnamese-linked APT32 group, known for targeting foreign automotive and manufacturing investments, among other sectors. The organization issued public apologies and committed to strengthening information security across its dealer network and corporate entities.
Description
In February 2019, Toyota Australia experienced a cyberattack impacting its dealership network, first detected on or around February 19. The incident disrupted corporate IT systems, causing operational challenges across 279 Australian dealerships. While dealerships remained functional for customer inquiries, the attack specifically affected parts supply systems, leading to delays in vehicle servicing. Toyota issued a public statement two days after the initial disruption, confirming the attack's impact on backend operations but assuring customers that core services remained available. No customer data compromise was reported in this initial Australian incident. Security researchers later linked this event to a broader campaign targeting Toyota subsidiaries globally.

Approximately one month later, Toyota disclosed a separate security breach affecting multiple Japanese sales subsidiaries, including Tokyo Sales Holdings, Tokyo Motor, Tokyo Toyopet, Toyota Tokyo Corolla, Nets Toyota Tokyo, Lexus Koishikawa Sales, Jamil Shoji (Lexus Nerima), and Toyota West Tokyo Corolla. Unauthorized access to these subsidiaries' systems potentially exposed personal information of up to 3.1 million customers, though Toyota explicitly stated credit card data was not involved. The company's March 29 breach notification emphasized that while data exfiltration remained unconfirmed, comprehensive investigations were ongoing. Toyota issued public apologies to affected customers and pledged enhanced security measures across its dealer network and corporate group. Security analysts attributed both incidents to APT32 (OceanLotus/Cobalt Kitty), a Vietnamese-linked threat group known for targeting foreign automotive and manufacturing investments in Southeast Asia. The coordinated attacks highlighted systemic vulnerabilities across Toyota's geographically dispersed operations, with the Australian disruption affecting supply chains and the Japanese breach risking large-scale personal data exposure.
