The Target: Toyota Financial Services is the finance arm of the Toyota Motor Corporation. It is a subsidiary of Toyota and provides a range of financial services to Toyota customers and dealerships worldwide.
The Take: Threat actors gained access to full names, residence addresses, contract information, lease-purchase details, and IBAN (International Bank Account Number).
The Vector: Threat actors likely exploited the vulnerability Citrix Bleed to gain initial access to the company’s network.
This breach is critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.