According to Toyota, a former employee has hacked into its computer systems and stolen sensitive information.

According to an Automotive News report, Toyota filed a complaint with the U.S. District Court in Lexington, Kentucky late last week. The complaint was filed against former IT contractor Ibrahimshah Shahulhameed, who Toyota says was fired on August 23. According to the filing, Toyota indicates Shahulhameed logged on to its system the evening of his firing and downloaded and printed trade secrets.

One result of the filing is that Toyota has acquired a restraining order against Shahulhameed, prohibiting him from leaving the United States or disseminating the information that Toyota says is ill-gotten company property.

The specific area that was hacked was ToyotaSupplier.com, a site where the automaker's suppliers exchange highly sensitive information with Toyota about both current and future products.

Toyota states that it will continue to investigate the security breach and do not yet know exactly what has happened with the confidential information. There is the possibility that it may have changed hands, but according to a Toyota manufacturing spokesman, "It's too early to speculate on what-if's."

According to the court documents, Shahulhameed is an Indian citizen who was living in Georgetown, Kentucky, and was apparently about to leave for his native India.


I'm reporting this comment as:

Reported comments and users are reviewed by Autoblog staff 24 hours a day, seven days a week to determine whether they violate Community Guideline. Accounts are penalized for Community Guidelines violations and serious or repeated violations can lead to account termination.


    • 1 Second Ago
  • 35 Comments
      KaBaL
      • 2 Years Ago
      Would media stop over using the word "hack". I can't prove this, but I'm guessing they simply did not remove his credentials immediately and he used his actual work account to log in and get the information. That is not a hack, that is an HR issue. Most likely his account was flagged, and should have been disabled immediately, but instead it was put in a queue for the end of day or week. Again, this is not a hack. I could be wrong though.. or he could have simply installed a back door (VPN, or something) to give himself access.. or yeah maybe he did actually "hack".. I'm betting on the first one though.
        LynxFX
        • 2 Years Ago
        @KaBaL
        The story says he "logged in" meaning he still had an account/password or knew of another one, perhaps an admin account being that he worked in IT. I agree, as soon as I saw the word "Hack" I knew he probably just logged back in. It is like people screaming their facebook accounts got hacked when they left their account logged in at an apple store.
        Ron
        • 2 Years Ago
        @KaBaL
        The full story (if you follow the link) say "Toyota alleges in the complaint that Shahulhameed improperly modified 13 software applications on the Web site." to gain access to the information. He may of used his un-disabled accounts to modify those applications, but if he did in fact modify the applications to gain access (even with his administrative credentials) it is a "willful violation or bypass of information security for malicious purposes"... and thus... a "Hack". Now if you REALLY want to get technical on terminology, it would be a "Crack", not a "Hack". A Hack, or to Hack is to code quickly, but not well, or to just work on, to code, or to fix.... exp: "I hacked out a quick work around to that bug" A "Crack" is to exploit, break, or use other means to gain entry to systems or access data that you would not other wise have access. exp: "I cracked the security table and dumped all the employee's salary data" .
        The Angry Intern
        • 2 Years Ago
        @KaBaL
        Yeah, not a hack. This is the IT department being stupid and not disabling his account immediately and/or changing the admin passwords
      Synthono
      • 2 Years Ago
      Protip: When firing IT people, ensure they can no longer access your system before you let them go, not after.
        Kumar
        • 2 Years Ago
        @Synthono
        And then make sure there aren't any random administrator accounts still around that they might have setup, which is probably what this guy used. One thing is for sure...he's going to have to find a new occupation, as 'hacked former company's site' isn't the best recent job experience to list.
      Gordon Chen
      • 2 Years Ago
      And he would've gotten away with it if he only remembered to uncheck the "remember me" box when he logged in
      Cain Gray
      • 2 Years Ago
      I doubt he "hacked" into anything. Someone didn't disable his administrative credentials and he just logged in.
        Ron
        • 2 Years Ago
        @Cain Gray
        The full story (if you follow the link) says "Toyota alleges in the complaint that Shahulhameed improperly modified 13 software applications on the Web site." to gain access to the information. He may of used his un-disabled accounts to modify those applications, but if he did in fact modify the applications to gain access (even with his administrative credentials) it is a "willful violation or bypass of information security for malicious purposes"... and thus... a "Hack".
      JC914
      • 2 Years Ago
      that's what you get for outsourcing.
        Maddoxx
        • 2 Years Ago
        @JC914
        How is it outsourcing? The guy worked in the United states facility of Toyota. Since its Toyota there's nothing really interesting to gain from the hack... Jk
      Rob
      • 2 Years Ago
      Never piss off the IT guys...
        Gordon Chen
        • 2 Years Ago
        @Rob
        Aren't IT guys supposed to be smart? Why did he do it in such a straightforward, trackable way?
      Sorten Borten
      • 2 Years Ago
      Was their system hacked or did they not disable his account at the same time they fired him? The IT department and HR department usually coordinate these actions so the employee can't log in after being fired.
      Val
      • 2 Years Ago
      Reading the title, my first thought was "chinese", but it turned out to be a muslim, and he probably sold the info to the chinese anyway. Racist stereotypes FTW!!!
        jase.s
        • 2 Years Ago
        @Val
        If it's stereotypes you're implying, does that mean if he were a white American he would shoot his former boss?
        404 not found
        • 2 Years Ago
        @Val
        Ignorant fools FTL He's from India.
          BEEEAMMERRR_GUY
          • 2 Years Ago
          @404 not found
          Hey be careful, Indians are now becoming a stereotype for IT development
          Val
          • 2 Years Ago
          @404 not found
          Oh, and i thought he was from the country MUSLIMIA... Is india a country or a religion for you? With a name like that, he shure ain't hindu or singh.
      Timothy Tibbetts
      • 2 Years Ago
      How is it that he logged on either with an installed back door or his own account (more likely since it was same day he was fired) is called hacking? Sort of like that kid who got into Sarah Palins email by guessing her cat was the password was called a hacker. C'mon.
      protovici
      • 2 Years Ago
      Maybe the hacker (medias term to boost a stroy line) can find out who really shot JFK.......... Lets not turn a plan story into a huge scandal. Please and thank you media.
      PICKLEBOY
      • 2 Years Ago
      That sucks
        Peter
        • 2 Years Ago
        @PICKLEBOY
        It serves them right, nobody f***s with Ibrahimshah Shahulhameed. Those idiots should've disabled his account before he left the company
          404 not found
          • 2 Years Ago
          @Peter
          You're assuming they didn't disable his account(s). Possible, but you don't know.
      svntsvn
      • 2 Years Ago
      Oooooooppssssssssss.. Looks like Nelson was here..: Ahhhhhhhhhhhh haaaaaaaaaaaaaa Time for a beer with Homer
    • Load More Comments