Toyota halts manufacturing at all 14 factories in Japan, after a suspected ransomware cyberattack at supplier Kojima Industries Corp
Car giant Toyota has suspended production at all its fourteen manufacturing plants in Japan, after a suspected cyberattack at a Toyota subsidiary.
“Due to a system failure at a domestic supplier (Kojima Industries Corp), we have decided to suspend the operation of 28 lines at 14 plants in Japan on Tuesday, March 1st (both 1st and 2nd shifts),” Toyota announced. “We apologise to our relevant suppliers and customers for any inconvenience this may cause.”
“We will also continue to work with our suppliers in strengthening the supply chain and make every effort to deliver vehicles to our customers as soon as possible,” the car maker added.
It is being reported that the ‘system failure’ struck Kojima Industries on Saturday and the company’s servers were shut down on Sunday.
Asia Nikkei, citing sources, reported that a cyberattack was to blame.
Kojima Industries supplies plastic parts and electronic components to Toyota, and an official close to Kojima Industries told Nikkei on Monday.
“It is true that we have been hit by some kind of cyberattack,” the official reportedly said. “We are still confirming the damage and we are hurrying to respond, with the top priority of resuming Toyota’s production system as soon as possible.”
The company said on Monday it was still investigating the origin of the cyberattack, the specific malware involved and the damage caused.
Then on Tuesday Kojima Industries confirmed that it had received a message demanding ransom and after it confirmed the existence of a virus.
“Toyota representatives and cybersecurity experts are at Kojima Industries to determine the cause and how to restore” the system, a source familiar with the situation told Nikkei.
Toyota, like many other car makers, operates a just-in-time production control system, where supplies are delivered as and when needed.
This means that problems at Kojima Industries had an almost instant impact at Toyota.
The car maker reportedly halted production to prevent longer-term damage, and prioritised inspection and recovery of the system.
This shutdown means that 13,000 vehicles will not be produced.
Toyota is expected to restart manufacturing on Wednesday 2 March.
The cyberattack on the Japanese car giant comes as Japan agreed to join the international community in blocking Russia’s access to the SWIFT banking system.
There is no evidence at the time of writing about who is responsible for the Toyota attack, but Western agencies, including the UK’s NCSC, have repeatedly warned organisations to prepare for cyberattacks spilling over from Russia’s invasion of Ukraine.
Securing supply chain
One security expert pointed to Toyota’s supply chain situation as an example why it is so important to secure not just the network, but data as well.
“Toyota’s reaction to a cyberattack on its supplier shows that no matter how secure a company is, it’s still possible for determined hackers to break into a supply chain partner, three or four levels removed from your own organisation,” noted Shane Curran, CEO at encryption firm, Evervault.
“Toyota’s reaction to a cyberattack on its supplier shows that no matter how secure a company is, it’s still possible for determined hackers to break into a supply chain partner, three or four levels removed from your own organisation,” said Curran. “That’s why you need to be securing your data, not just your network.”
“Companies should seriously consider how strong their encryption is and whether they’re inadvertently storing information in a way that makes it easy for hackers to access sensitive information, not just about themselves but their partners and customers,” said Curran.