Toyota 2025 Data Breach

Toyota Automotive Manufacturer Breach (Salesforce, 2025): 110 Million Customer Contact Records Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

Scattered Lapsus$ HuntersVehicleEmail AddressFull NamePhone NumberPhysical Address
Low SeverityWebsite / service breach

Toyota Automotive Manufacturer Breach (Salesforce, 2025): 110 Million Customer Contact Records Exposed

Global automotive manufacturer.

Verified by ObscureIQ Intelligence
0/100Breach Risk Index
10Data Value

Breach Intelligence Summary

Entity: Toyota · Actor: Scattered Lapsus$ Hunters · Sources: 2 references
Attack: Unknown
Profile: Company · Automotive manufacturing · Global vehicle brand · Global
Timeline: Breach (2025-10-10) · Year (2025)
Exposure: 110.3M records · 4 fields: Email Address, Full Name, Phone Number, Physical Address
Status: Reported

Executive Summary

Toyota suffered a data breach affecting approximately 110.3 million customer records, making it the largest single-company victim in a broader attack campaign targeting Salesforce integrations throughout 2025. The threat actor, a group calling itself "Scattered LAPSUS$ Hunters," released a sample of the stolen data on October 3, 2025, and announced plans to release the full dataset on October 10, 2025. Salesforce attributed the campaign to vulnerabilities in customer-side integrations rather than a compromise of its core platform, suggesting the breach pathway ran through how Toyota or a third party had connected to Salesforce services. The exposed records include full names, home addresses, email addresses, home phone numbers, nationality, customer ID numbers, and account status information. The data also reveals whether affected individuals had opted out of marketing communications or exercised data privacy rights, which tells attackers something about how privacy-conscious a target may be. Together, this combination of contact and identity data is well-suited for phishing attacks, financing scams, and dealership impersonation schemes. Because the data is linked to automotive customers, it can also enable targeted fraud tied to vehicle ownership, service records, or recall communications. Toyota had not made detailed public statements about its specific response to this campaign as of the time of reporting. No regulatory actions or legal proceedings have been publicly confirmed. Affected individuals face a high and ongoing risk of impersonation fraud, particularly from attackers posing as Toyota, Lexus, or affiliated dealerships and financial services. Anyone who has been a Toyota customer should treat unexpected emails, calls, or messages about their vehicle, account, or financing with heightened suspicion and verify directly through official Toyota channels before taking any action.

ObscureIQ assessment: High risk of phishing, financing scams, dealership impersonation, and vehicle-linked targeting. Vehicle ownership and service data can also create physical-world safety concerns.

Breach Impact

Toyota was among the largest named victims in the Scattered LAPSUS$ Hunters Salesforce campaign, with approximately 110 million customer records listed — the largest single-company count in the campaign. The exposed data included names, email addresses, phone numbers, and home addresses. Toyota has not made detailed public statements about its specific response to this campaign. Salesforce attributed the campaign to customer-side integration vulnerabilities rather than a compromise of its core platform.

About Toyota

Toyota is one of the world's largest automotive manufacturers, producing vehicles under the Toyota, Lexus, Daihatsu, and Hino brands across manufacturing facilities and sales networks in more than 170 countries. The company is headquartered in Toyota City, Japan, and publicly traded on the Tokyo Stock Exchange. It operates a financial services arm, a mobility technology division, and a growing electric vehicle development program.

Why They Hold Your Data

Global vehicle manufacturers collect customer identity, ownership records, financing data, service history, telematics-linked information, and dealer interactions across vehicle lifecycle operations.

Recent Developments

Toyota has been accelerating its electric vehicle strategy following criticism that it lagged behind competitors in EV development. The company announced significant investments in battery technology and EV production capacity in North America and Japan. It has also faced scrutiny in Japan over governance and production data irregularities at some facilities. The 2025 Salesforce campaign represented the most significant data security event of the recent period for the company.

Data Points Exposed

4 verified field types
Email Address
Full Name High
Phone Number
Physical Address High

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:High
Primary downstream threats:
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
Threat vectors:
  • Phishing, credential stuffing & account takeover
  • Name-based social engineering
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification
  • Home targeting, stalking & physical threat

Threat Actor: Scattered Lapsus$ Hunters

Scattered Lapsus$ Hunters
Unknown

Attribution and method are based on available breach intelligence. Reported attack vector: Unknown.

Recommended Actions

If you believe your information may be included:

Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the Toyota breach?

Toyota suffered a data breach affecting approximately 110.3 million customer records, making it the largest single-company victim in a broader attack campaign targeting Salesforce integrations throughout 2025. The threat actor, a group calling itself "Scattered LAPSUS$ Hunters," released a sample…

What data was exposed?

Verified fields include Email Address, Full Name, Phone Number, Physical Address.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation