
Toyota confirms theft of customer, employee data, says third party to blame for breach

Last week, a cybercriminal using the username ZeroSevenGroup dumped 240GB of data on the infamous stolen data site BreachForums. They claimed the data came from a hack on the US plant of car manufacturer Toyota.

ZeroSevenGroup claims the dump contains customer and employee data.

ZeroSevenGroup posted the data on BreachForums with this message:

“We hacked a facility in the United States of one of the largest automakers in the world (TOYOTA).
We are happy to share the files with you here for free.
Content: Everything like contacts, finances, customers, schedules, employees, photos, databases, network infrastructure, emails and much more perfect data.
We also offer you AD-Recon for all target networks with passwords.
We’re not kidding, we’ve been on the network for quite some time.”

Toyota told BleepingComputer that a third-party breach had led to the data being stolen. After reviewing the files, BleepingComputer concluded that they were stolen or at least created on December 25, 2022.

The carmaker has already notified the affected persons, but has not provided any technical details about the incident. According to Toyota:

“We are aware of the situation. The issue is limited in scope and is not a system-wide issue. We have contacted those affected and will provide assistance as needed.”

Toyota and Toyota Financial Services have suffered multiple data breaches in the past, so it is difficult to say exactly where and when the information was obtained.

Protecting yourself after a data breach

There are a number of measures you can take if you are, or suspect that you are, a victim of a data breach.

  • Check the vendor’s advice. Every breach is different, so check with the vendor to see what happened and follow any specific advice.
  • Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use anywhere else. Better yet, have a password manager choose one for you.
  • Enable two-factor authentication (2FA). If possible, use a FIDO2-compatible hardware key, laptop, or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device cannot be phished.
  • Beware of fake vendors. The thieves may contact you by posing as the vendor. Check the vendor’s website to see if they are contacting victims, and verify the identity of anyone who contacts you through another communication channel.
  • Take your time. Phishing attacks often impersonate well-known individuals or brands and use themes that require urgent attention, such as missed deliveries, account suspensions, and security warnings.
  • Consider not saving your card details. It’s certainly more convenient if sites remember your card details for you, but we strongly recommend not saving that information on websites.
  • Set up identity monitoring. Identity monitoring notifies you if your personal information is being traded illegally online and helps you with recovery.

Malwarebytes has a free tool that lets you check how much of your personal information has been exposed online. Submit your email address (it’s best to enter the one you use most often) to our free Digital Footprint scan and we’ll give you a report and recommendations.