For the second time in a short period, private data belonging to Toyota customers may have ended up in the hands of hackers or cybercriminals. Because of an incorrect cloud system setting, the data of about 260,000 customers was accessible for years. The automaker says it has resolved the issue.
Toyota reports the data breach on its corporate website.
Personal data of Japanese Toyota customers accessible for years
The data leak came to light after Toyota announced on Friday, May 12, that a major leak had been found. According to the Japanese car manufacturer, the door to one of its cloud services had been open for ten years. That means anyone could access, without a password, the personal data of some 2.15 million Japanese customers using Toyota’s T-Connect service.
Toyota then launched an investigation into other cloud environments managed by Toyota Connected Corporation. This shows that there may be two more major data breaches in which the personal data of Toyota customers has been stolen. The Japanese customers affected bought a car with G-Book or G-Link navigation systems between December 2007 and September 2015.
This concerns about 260,000 Toyota customers from Japan. The car manufacturer states that malicious parties cannot identify customers with the captured data. The database contained no vehicle data. The information was accessible between February 2015 and May 2023.
Personal data of customers outside Japan may also have been captured
A similar scenario occurred in several Asian countries and Oceania. There, names, residential addresses, telephone numbers, e-mail addresses, vehicle identification numbers (VINs) and customer numbers were within easy reach. This data was externally accessible between October 2016 and May 2023.
It is unknown how many customers are victims of the data breach. Toyota says it has contacted authorities in the victims’ countries.
No indications that data has been stolen
Toyota says that both incidents were caused by an incorrect setting of the cloud service. “Currently, a system is in place to check the settings of all cloud environments and monitor the settings continuously. In addition, we will continue to work closely with Toyota Connected Corporation to explain and enforce data processing rules. We will also work to prevent a recurrence by thoroughly informing our employees again,” the manufacturer said in a statement.
The company says it has investigated whether anyone viewed the data in the cloud environment or made copies of it. Toyota says that no evidence of this has been found. The car manufacturer apologizes to its customers and other parties involved for any inconvenience caused by the data leaks.