Toyota Discloses Decade-Long Data Leak Exposing 2.15M Customers' DataToyota Discloses Decade-Long Data Leak Exposing 2.15M Customers' Data
A misconfigured cloud instance exposed vehicle data, but not personally identifiable information, the car maker says.
May 15, 2023
Toyota has disclosed that for more than 10 years, a misconfigured cloud bucket left more 2.15 million customer records exposed to the open Internet.
According to the disclosure, the sensitive data from Toyota's cloud-based Connected services was open to unauthorized access from November 2013 to this April. The Toyota Connected offering allows drivers to stream entertainment, use location data to find stolen vehicles, receive flash maintenance reminders, and send for emergency help in case of an accident.
Toyota spokesperson Hideaki Homma told Associated Press that the Connected service breach only impacts customers in Japan. Any unauthorized access to the data would not identify individual customers, the carmaker said in its statement, adding that there has not been any observed use or abuse of the data from a third party.
"We believe that the main reason for this incident was insufficient explanation and thoroughness of rules for data handling," a Google translation of the Toyota data breach disclosure statement read. "(We will) collaborate closely with the [Toyota corporation], thoroughly educate employees, work to prevent recurrence, introduce a system to audit the cloud settings, conduct a setting survey of the cloud environment, and continuously monitor the setting status. We will build a system."
This isn't the first security incident for the automaker this year. Just in March, a hacker made headlines by exploiting a flaw in Toyota's C360 customer relationship management (CRM) software, exposing the personal data of an unknown number of the company's customers in Mexico.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
How to Deploy Zero Trust for Remote Workforce Security
What Ransomware Groups Look for in Enterprise Victims
How to Use Threat Intelligence to Mitigate Third-Party Risk
Concerns Mount Over Ransomware, Zero-Day Bugs, and AI-Enabled Malware
Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks