Toyota website attacked by rogue former employee
Toyota website attacked by rogue former employee

Toyota has suffered an attack on its intellectual property, which it is blaming on a former contractor.

According to a report by Automotive News, the North American branch of the Toyota Motor company claimed that Ibrahimshah Shahulhameed illegally accessed one of its websites after he was dismissed from the company. It claimed that within hours of his dismissal, Shahulhameed logged into the toyotasupplier.com website without authorisation and downloaded proprietary plans for parts, designs and pricing information for six hours.

Toyota said: “If this information were disseminated to competitors or otherwise made public, it would be highly damaging to Toyota, and its suppliers, causing immediate and irreparable damage.”

Toyota manufacturing spokesman Rick Hesterberg said that Toyota was continuing to investigate the security breach and did not know what had happened with the confidential information, or whether it may have changed hands.

He said: “We currently do not believe that any supplier data or our proprietary company information has been disseminated. It's too early to speculate on what-if's.”

Graham Cluley, senior technology consultant at Sophos, said: “What isn't clear, at this time, is whether Toyota are claiming that Shahulhameed accessed their computer systems by exploiting a vulnerability or whether they had simply not reset staff passwords that he may have had access to in his position as an IT contractor with the firm.

“The details in the Toyota case are currently unclear. But regardless of that, it's a timely reminder to all businesses to remember the importance of reviewing who has access to your systems, and to underline that changing passwords and resetting access rights is essential when a member of staff leaves the company.”