Toyota Motor Corp. today announced its discovery of yet another data breach — this time, two misconfigured cloud services were found leaking 260,000 car owners' personal information over a seven-year period.
This discovery comes after the car manufacturer conducted an investigation of its cloud features in the wake of announcing earlier in the month that the data of 2.15 million customers was available for over 10 years to anyone on the Internet, also due to a misconfigured cloud bucket.
The cloud service, known as Toyota Connected, allows Toyota car owners to connect to Internet services in their vehicles such as entertainment features, emergency assistance in an accident, and location services.
"Having this data exposed, and for so long, it should be assumed that all this data was compromised over and over ... Since I haven't been notified about my data being leaked, as a Toyota customer I can assume it's because they are taking a slow legal approach as well," said Jason Kent, hacker in residence at Cequence Security, in an emailed statement regarding the subsequent breach.
Customers' information such as names, phone numbers, email addresses, and vehicle registration numbers may have been externally accessible from October 2016 up until this month. The car manufacturer stresses that no financial or vehicle location-related data was included in the breach.
"As we believe that this incident also was caused by insufficient dissemination and enforcement of data handling rules, since our last announcement, we have implemented a system to monitor cloud configurations," stated the company in its apology and notice.