Customer data of Toyota Motor Corp. in Oceania and Asia was left available to the public from October 2016 until May 2023 due to an error in the cloud service.
The data available to the public included customer information such as names, addresses, phone numbers, email addresses, and vehicle information.
According to an earlier announcement by the company, the data of 2.15 million customers in Japan had been exposed to the public since 2012. This was due to a human error.
How Toyota Motor Corp. Found the Breach?
During inspections in April, inspectors unintentionally learned about the incident. An error in the connected cloud service’s settings led to the exposing of additional data.
When Toyota Connected Corp. was looking at cloud environments, they came into the problem. Customers can get mobility options from Toyota Connected, including smart key features and location-based services. Customer data might have been partially externally available.
The problem occurred due to insufficiently disseminating and enforcing data handling guidelines. A mistake in configuring the cloud environment led to the loss of customer data.
What action will be taken?
According to each nation’s laws and regulations, Toyota is undertaking an inquiry.
The business has implemented a mechanism to track cloud settings to stop future intrusions. The company has not mentioned the affected customers or certain nations. It is unknown what influence Lexus brand customers have experienced.
Toyota has stated that there is no proof of any unauthorized use or duplication of customer information. Credit card numbers and a vehicle’s location were not among the compromised data. In-vehicle device identification and navigation information are among the recently discovered vulnerable data.
Human Error Results in The Leak
Between December 2007 and May 2023, data leaks affected Toyota automobile purchasing consumers in Japan. Additionally, clients from countries other than Japan had their private data accessed. Following regional regulations, the company will inform these customers and offer an apology.
Although the company did not mention logging procedures, there is no proof of data access or copying. Toyota Japan apologized for leaving vehicle information for millions of consumers online for ten years. Email addresses, car identification numbers, GPS coordinates, and drive recorder films are all included in the leaked data.
The situation specifically affects G-Link users who own Lexus vehicles and consumers in India. Toyota guarantees that the information was secure and that there have been no allegations of misuse.
The company has not yet made it known if it has established logging to catch data exfiltration. The business plans to implement technology to enhance cloud environment monitoring.
Due to a subcontractor’s oversight in 2022, Toyota unintentionally released almost 300,000 customer email addresses. Customers’ names, addresses, and phone numbers might have been publicly available.
The issue that affected 2.15 million users in Japan resulted from human error. The company wants to make data handling procedures better and stop more security breaches.
The business regrets the incidents and acknowledges the value of protecting client information. TechCrunch has requested more details from Toyota, but the company has not responded.
Customer compensation will probably be part of the company’s response to the breach.
Organizations may face serious financial and legal repercussions due to data breaches. Customers should keep an eye on their accounts and be on the lookout for any unusual activity.
The compromise at Toyota should serve as a lesson to other businesses handling sensitive consumer data. Businesses must regularly assess and upgrade their cybersecurity procedures too.
Toyota motor corp. Aggressively planning for EV evolution
Under the leadership of new CEO Koji Sato, the company presented its new strategy this week. Rearranging top executives and the management structure are also part of the proposal.
The business wants to concentrate more on electrification and advanced vehicles. According
to Sato, a fundamental shift in the business strategy is required from manufacturing to sales and service.
The objective is to deliver electric cars (EVs) that people desire to drive. To do this, the corporation intends to streamline the automobile structure.
Sato, who once oversaw the luxury brand Lexus, will be in charge of leading the turnaround. To accommodate the adjustments, Toyota will reorganize its Kyushu vehicle production system. They plan to unveil the following-generation Lexus EV in 2026