Risk register · entry
Q3 · EngineeredToyota supplier hack
Ransomware on one parts supplier halted all 14 Toyota Japan plants.
Tightly coupled systems where one small fault cascades and takes down the whole machine.
Why this room
The mechanism fits Engineered because a simple, low-complexity payoff for the attacker, a single supplier's IT compromise, produced fat-tailed, system-wide consequences purely through the built-in coupling of a human-designed process (Kanban just-in-time), not through market dynamics or natural variability.
The record
- Feb 26, 2022: Kojima Industries discovers malware on a file server after an error and rebootcertain
- March 1, 2022: Toyota halts 28 production lines across all 14 Japan plants (incl. Hino, Daihatsu)certain
- ~13,000 vehicles of production lostcertain
- March 2, 2022: production resumes (roughly one-day halt)certain
- These 14 plants account for roughly a third of Toyota's global/domestic production capacitylikely
- Estimated ~5% cut to Toyota's monthly Japan productionlikely
- Kojima's systems took about one month to be fully restoredlikely
- PM Fumio Kishida: no confirmation of a Russian connection to the attackcertain
- Akio Toyoda visited Kojima Industries in person about four days after the attacklikely
- Attribution to the LockBit ransomware group and a ~$375 million cost estimate circulate in later secondary blogs (e.g. Keepnet), but no attacker identity or cost figure appears in contemporaneous 2022 reporting (NPR, CNBC, Bleeping Computer, The Register) or in Toyota/Kojima statementsuncertain
Sources
The book
This entry is one of 111 in the register. The full story, and what it cost the people who lived it, is in Risky Business by Claudia Zeisberger, David Munro and Joanna Reijgersberg-Siew.
Join the waiting list