Toyota Accuses Former IT Contractor Of Data BreachToyota Accuses Former IT Contractor Of Data Breach
Third-party IT contractor breached Toyota's systems, compromised sensitive data, automaker says
September 1, 2012
Toyota has accused a former IT contractor of stealing sensitive information from its systems.
In a complaint filed at the U.S. District Court in Kentucky, the North American branch of Toyota Motor Co. says that Ibrahimshah Shahulhameed illegally accessed one of its websites after being dismissed from his contracting job on Aug. 23.
According toindustry reports, within hours of his dismissal, Shahulhameed is accused of logging into the toyotasupplier.com website without authorization and spending hours downloading proprietary plans for parts, designs, and pricing.
Toyota uses the website to exchange highly sensitive information with its suppliers about current and future products.
If the compromised data was made public, then "it would be highly damaging to Toyota, and its suppliers, causing immediate and irreparable damage," the automaker said.
According to a report in Automotive News, Shahulhameed also has been accused of sabotaging software on Toyota's systems, causing computers to crash.
A restraining order has been placed on Shahulhameed, who is an Indian citizen, that prevents him from leaving the United States or disseminating the trade secrets.
"What isn't clear, at this time, is whether Toyota is claiming that Shahulhameed accessed their computer systems by exploiting a vulnerability, or whether they had simply not reset staff passwords that he may have had access to in his position as an IT contractor with the firm," said experts at security firm Sophos in their blogged analysis of the incident.
Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.
About the Author(s)
You May Also Like
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
What's In Your Cloud?Nov 30, 2023
Everything You Need to Know About DNS AttacksNov 30, 2023
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
Gone Phishing: How to Defend Against Persistent Phishing Attempts Targeting Your Organization
Protecting Critical Infrastructure: The 2021 Energy, Utilities, and Industrials Cyber Threat Landscape Report
The Impact of XDR in the Modern SOC