Toyota suffered a data breach affecting approximately 110.3 million customer records, making it the largest single-company victim in a broader attack campaign targeting Salesforce integrations throughout 2025. The threat actor, a group calling itself "Scattered LAPSUS$ Hunters," released a sample of the stolen data on October 3, 2025, and announced plans to release the full dataset on October 10, 2025. Salesforce attributed the campaign to vulnerabilities in customer-side integrations rather than a compromise of its core platform, suggesting the breach pathway ran through how Toyota or a third party had connected to Salesforce services. The exposed records include full names, home addresses, email addresses, home phone numbers, nationality, customer ID numbers, and account status information. The data also reveals whether affected individuals had opted out of marketing communications or exercised data privacy rights, which tells attackers something about how privacy-conscious a target may be. Together, this combination of contact and identity data is well-suited for phishing attacks, financing scams, and dealership impersonation schemes. Because the data is linked to automotive customers, it can also enable targeted fraud tied to vehicle ownership, service records, or recall communications. Toyota had not made detailed public statements about its specific response to this campaign as of the time of reporting. No regulatory actions or legal proceedings have been publicly confirmed. Affected individuals face a high and ongoing risk of impersonation fraud, particularly from attackers posing as Toyota, Lexus, or affiliated dealerships and financial services. Anyone who has been a Toyota customer should treat unexpected emails, calls, or messages about their vehicle, account, or financing with heightened suspicion and verify directly through official Toyota channels before taking any action.

Global vehicle manufacturers collect customer identity, ownership records, financing data, service history, telematics-linked information, and dealer interactions across vehicle lifecycle operations.

Toyota has been accelerating its electric vehicle strategy following criticism that it lagged behind competitors in EV development. The company announced significant investments in battery technology and EV production capacity in North America and Japan. It has also faced scrutiny in Japan over governance and production data irregularities at some facilities. The 2025 Salesforce campaign represented the most significant data security event of the recent period for the company.