Toyota’s United States manufacturing company has accused one of its former IT contractors of hacking into their supplier website and obtained sensitive information, to which Toyota claims could damage not only their relationships with their Tier 1 suppliers, but the company itself. They also claim that he had sabotaged their internal computer software.
They have already filed a complaint last week with the U.S District Court in Lexington, Kentucky, accusing Ibrahimshah Shahulhameed, formerly with Toyota Motor Engineering & Manufacturing North America, Inc. Shahulhameed is a native of India.
Per the complaint, Toyota was granted a restraining order to prevent him from attempting to leave the United States, and/or the attempt to distribute the obtained information. It has been rumoured that he will attempt to leave the country, and return home to India. No word yet as to what specific information was obtained, as Toyota is still conducting their investigation.
More specifically, it is being reported that Shahulhameed was terminated on August 23rd, and had logged into the system at midnight, staying on until 6:30 am downloading trade secrets and other vital information. It is also reported that he had modified 13 different software applications, thereby corrupting them.
The system in question was Toyota’s own Web portal, toyotasupplier.com, a data network that Toyota uses to exchange information with their suppliers on current and upcoming projects. Since vehicles can take up to 6-10 years before they begin production, the amount of information could potentially cripple Toyota’s competitive edge in the marketplace.
As of now, the whereabouts of Mr. Shahulhameed are unknown, and any attempts to contact both him and the attorney representing hi have been unsuccessful. The next logical step would be once the investigation concludes, then formal charges can be placed on him, and a warrant for his arrest can be issued. I look for the federal authorities to cooperate with the appropriate Indian authorities in this matter.
While this is unfortunate, it highlights one of any company’s biggest nightmares…the repercussions of terminating any employee, especially one that has access to sensitive information. Where Toyota dropped the ball is that they did not terminate his ability to be able to log into the system. Even if they did, I suspect that he was still able to get in rather easily. Companies need to be able to change usernames and passwords, as well as other security measures, immediately after any of their IT personnel are let go from their company. Stay tuned to the latest updates…
News Source: Autoblog