Image: k s via Unsplash

Toyota recovering from cyberattack on its financial services division

Toyota is bringing some services in its European and African financial services department back online after discovering a cyberattack.

A spokesperson for the car maker directed Recorded Future News to a statement the company published about the incident following claims made by a notorious ransomware gang.

“Toyota Financial Services Europe & Africa recently identified unauthorized activity on systems in a limited number of its locations. We took certain systems offline to investigate this activity and to reduce risk, and have also begun working with law enforcement. In most countries, we have started bringing our systems back online,” the company said.

“We are working diligently to get systems back online as soon as possible and we regret any inconvenience caused to our customers and business partners. As of now, this incident is limited to Toyota Financial Services Europe & Africa.”

Cybersecurity expert Kevin Beaumont noted that Toyota systems accessible through the internet are vulnerable to the “Citrix Bleed” vulnerability that has affected dozens of large companies and governments since it was announced late last month.

The carmaker has dealt with several cybersecurity incidents over the last three years, including a wide-ranging incident announced in May where information on more than 2 million vehicles in Japan was exposed for more than a decade.

Toyota dealt with another breach in April and had to resolve a separate security issue that allowed for widespread access to a platform used by employees to coordinate operations.

The company’s statement came hours after the Medusa ransomware gang claimed to have stolen data from Toyota Financial Services. The group gave the company 10 days to pay a $8 million ransom.

Medusa drew headlines earlier this week for an attack on a technology company created by two of Canada’s largest banks.

The Medusa gang has been behind several high-profile attacks in 2023, including incidents that affected an Italian company that provides drinking water to nearly half a million people, one of the largest school districts in Minnesota, the French town of Sartrouville, Tonga’s state-owned telecommunications company and most recently the government organization that manages the universal healthcare system of the Philippines.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
What is Threat Intelligence
No previous article
No new articles
Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.