First out, is a hit to the European operations of Toyota’s subsidiary Daihatsu Diesel Company, which is a well renowned internal combustion engine manufacturer from Japan. Daihatsu announced on May 16th on their website that they two days earlier encountered a problem in accessing their file server of their internal system.

The short announcement reads:

“Cyber-attacks on European subsidiary of Daihatsu Diesel

The European subsidiary company of DAIHATSU Diesel group has experienced a problem in accessing its file server in the internal system on 14 May 2021. After a brief investigation, a cyber attack by an unauthorised access from a third party was confirmed as a cause of this issue. The company has immediately shut down all networks and systems to prevent any further damage, and reported the authorities. Also the company has already started to build the investigation and countermeasure with external cyber security specialist and IT support company. In addition, we have verified that there are no further unauthorised access or problems in other companies of the Daihatsu Diesel Mfg. Co. Ltd. Group.

We would like to express our sincere apologies for the inconvenience and concern caused to our customers and other stakeholders.

Further announcements would be made through the website as soon as new information is available.”

Daihatsu immediately shut down their computer networks and systems and launched an investigation where an external cybersecurity specialist and IT support company was hired to investigate the incident and repair the breach. Daihatsu claims that no further unauthorized access or problems within any other group companies have been reported. Also, no ransom demand has been confirmed, and at the time of writing, no one has been forthcoming with the attack.

Next Toyota related cyberattack was also directed to a Toyota subsidiary: US Auto Parts Manufacturing Mississippi. The attack was also a ransomware attack but here financial and customer data were ex-filtrated and exposed. The company claims that no payment has been made, but whether they have received a demand or not, is not revealed.

Written by Joakim Rosell