Honda was hit by a cyber attack affecting its global operations in June 2020. Previously, Honda experienced a data leak of vehicle owner records and a data leak of employee data in 2019. It was hit by WannaCry in 2017. The Honda data breach of 2010 affected 2.2 million customers in the United States.
Honda cyber attack affected its global operations (2020)
On June 8, 2020, Honda confirmed a cyber attack affecting its global operations. A computer virus was detected on internal servers in Tokyo. Honda confirmed that its customer services and financial services were “experiencing technical difficulties and are unavailable”. According to the BBC, the problem affected Honda’s ability to access its computer servers, use email and otherwise make use of its internal systems. Honda added that “the virus had spread” across the networks, without giving further details.
Following the cyber attack, Honda restricted its employees from using work computers. Car plants in Ohio and Turkey and motorcycle factories in Brazil and India reportedly remained closed until June 12, 2020. Honda resumed production at its automobile and motorcycle plants. In a comment to Reuters, a Honda spokesman said that “It appears that our customers’ personal information has not been affected” during the cyber attack.
According to Malwarebytes, this incident may be tied to the EKANS or SNAKE ransomware family. On June 8, 2020, a Malwarebytes researcher shared the ransomware samples.
They found mentions of a network name related to Honda: mds.honda.com. This domain name is presumably part of an internal network at Honda. The researchers say the malware tries to resolve a hardcoded hostname (mds.honda.com), and file encryption begins if, and only if, it does.
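The finding above rests on spotting an organization-specific hostname embedded in a sample. As an added example (not from the original article or from Malwarebytes), the following Python triage helper extracts ASCII and UTF-16LE strings from a binary and reports hostnames that fall under a domain you watch; the domain `example-corp.test`, the function names and the sample bytes are all constructed for illustration.

```python
import re

# Printable ASCII runs of 6+ bytes, as the `strings` utility would report them.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")
# The same characters stored as UTF-16LE, which Windows binaries often use.
WIDE_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")
# Dotted DNS name: one or more labels followed by an alphabetic top-level label.
HOSTNAME = re.compile(r"\b(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}\b", re.I)


def extract_strings(blob):
    """Yield (offset, bytes_per_char, text) for each printable run in blob."""
    for m in ASCII_RUN.finditer(blob):
        yield m.start(), 1, m.group().decode("ascii")
    for m in WIDE_RUN.finditer(blob):
        yield m.start(), 2, m.group().decode("utf-16-le")


def embedded_hostnames(blob, watched_suffixes):
    """Return sorted (file_offset, hostname) pairs that fall under a watched domain."""
    suffixes = [s.lower().strip(".") for s in watched_suffixes]
    hits = set()
    for offset, width, text in extract_strings(blob):
        for m in HOSTNAME.finditer(text):
            host = m.group().lower()
            # Match on a label boundary so "evil-example-corp.test" is not a hit.
            if any(host == s or host.endswith("." + s) for s in suffixes):
                hits.add((offset + width * m.start(), host))
    return sorted(hits)


# Constructed sample: header bytes, one ASCII string, one UTF-16LE string and
# an unrelated URL. Not taken from any real malware sample.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 8
    + b"lookup mds.example-corp.test failed\x00"
    + b"\x01\x02" + "fileserver.example-corp.test".encode("utf-16-le") + b"\x00\x00"
    + b"http://www.unrelated.example/update\x00"
)

if __name__ == "__main__":
    for offset, host in embedded_hostnames(SAMPLE, ["example-corp.test"]):
        print(f"0x{offset:04x}  {host}")
```

A hit on one of your own internal names in an unknown binary is a strong hint that the sample was built for your environment and should be escalated accordingly.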
Rumors are circulating that the malicious software used in this Honda hack is known to have been used previously by state agents.
It is not the first time Honda was hacked.
Honda exposes 1 million vehicle owners records (2019)
On December 11, 2019, 976 million records from Honda North America infrastructure were exposed online via an open and unprotected Elasticsearch cluster. This Honda data leak was identified by researcher Bob Diachenko.
Over 1 million records were related to Honda vehicle owners, including full name, email address, phone number, mailing address, vehicle make and model, Vehicle Identification Number (VIN), agreement ID and other service information.
After being informed, Honda secured the server within hours. According to the official statement, Honda “estimates the number of unique consumer related records in this database to be around 26,000”. It is unclear whether any malicious actors were able to access the database beforehand.
Honda leaks 40GB of employee data (2019)
On July 4, 2019, 40GB of Honda data containing approximately 134 million documents related to 300,000 employees was exposed to the public due to a misconfigured Elasticsearch database. The data related to Honda’s internal systems and devices, going back to March 13, 2019.
This data leak was discovered by researcher Justin Paine (xxdesmus) through Shodan. The data included machine hostname, MAC address, internal IP, operating system version, which patches had been applied, and the status of Honda’s endpoint security software.
It also included employee information such as names, emails and the employee’s last login. Finally, the leak included data related to the CEO’s laptop. This should not be considered a data breach: according to Honda’s statement, the database was not stolen, as there were no signs of the data being downloaded by any third parties.
Honda’s networks affected by WannaCry cyber attack (2017)
Another notable Honda breach occurred in 2017, when the WannaCry virus cyber attack stopped production for a day at a domestic plant. Honda discovered the data breach on June 18, 2017, a month after the WannaCry global disruption. It affected Honda’s networks across Japan, North America, Europe, China and other regions. Production at other Honda plants had not been affected, and regular operations had resumed at the Sayama plant on Tuesday.
Honda data breach affecting 2.2 million customers in the United States (2010)
On December 30, 2010, the database containing information on the owners and their cars was hacked. The leaked data included names, login names, e-mail addresses and Vehicle Identification Numbers (VINs).
Following the cyber attack, Honda sent a notification to its customers and pointed out that the list was managed by a vendor. Honda officially stated that it would be “difficult” for the identity to be stolen based on the leaked information.