Hackers access healthcare, personal info from Toyota entity

Hackers accessed information systems at Toyota Industries North America, compromising personal and protected health information.

The company, which has its North American headquarters in Indiana, estimates that information of about 19,000 individuals may have been affected. Affected data may have included health insurance information, company executives say.

On August 30, the company learned that two weeks earlier an unauthorized third party may have accessed the corporate email system. Toyota Industries engaged forensic experts to secure email, eliminate unauthorized access and determine what information may have been accessed.

Toyota Industries HQ-CROP.jpg

Data at risk included patient names, home addresses, dates of birth, phone numbers, financial information, Social Security numbers, photos of Social Security cards, and at least 12 additional types of sensitive data.

“At this point, the company is not aware of any misuse of personal information because of this incident, and to date, the company has no evidence that this data was removed from its systems,” affected individuals were told.

Also See: Best practices for defending against emerging email threats

Mitigation of the data breach includes reviewing new options to enhance data security training, technical and security practices to reduce the risk of a reoccurance, implementing multifactor authentication, implementing real-time security monitoring improvements, and revising and redistributing mandatory password protections.

Toyota Industries is offering affected employees and other individuals one year of credit monitoring and identity theft protection services.

For reprint and licensing requests for this article, click here.