Data of 19,000 Toyota Industries employees exposed in breach

Protected health information of approximately 19,000 current and former employees of Toyota Industries North America Inc., headquartered in Columbus, Indiana, was exposed in a security incident, the company reported in a September notice.

According to the notice, the company discovered on August 30 that an unauthorized third party gained access to email accounts around August 15. After discovering the breach, the company contacted information security experts to help secure the email system and ensure the unauthorized third party no longer had access.

The exposed data the third party had access to via the compromised email accounts included:

• Dates of birth
• Diagnoses
• Driver’s license numbers
• Email addresses
• Financial account information
• Full names
• Health plan beneficiary numbers
• Home addresses
• Phone numbers
• Photographs of birth certificate
• Photographs of driver’s license
• Photographs of passport
• Photographs of social security card
• Portal usernames, passwords and security questions
• Prescription information
• Social security numbers
• Treatment information

In response to the incident, the company is also reviewing its security practices and considering a multifactor authentication requirement, as well as revising mandatory password protection and reset policies, according to the notice.