Yet Another Toyota Cloud Data Breach Jeopardizes Thousands of Customers
The newly found misconfigured cloud services are discovered just two weeks after an initial data breach affecting millions came to light.
Toyota Motor Corp. today announced its discovery of yet another data breach — this time, two misconfigured cloud services were found leaking 260,000 car owners' personal information over a seven-year period.
This discovery comes after the car manufacturer conducted an investigation of its cloud features in the wake of announcing earlier in the month that the data of 2.15 million customers was available for over 10 years to anyone on the Internet, also due to a misconfigured cloud bucket.
The cloud service, known as Toyota Connected, allows Toyota car owners to connect to Internet services in their vehicles such as entertainment features, emergency assistance in an accident, and location services.
"Having this data exposed, and for so long, it should be assumed that all this data was compromised over and over ... Since I haven't been notified about my data being leaked, as a Toyota customer I can assume it's because they are taking a slow legal approach as well," said Jason Kent, hacker in residence at Cequence Security, in an emailed statement regarding the subsequent breach.
Customers' information such as names, phone numbers, email addresses, and vehicle registration numbers may have been externally accessible from October 2016 up until this month. The car manufacturer stresses that no financial or vehicle location-related data was included in the breach.
"As we believe that this incident also was caused by insufficient dissemination and enforcement of data handling rules, since our last announcement, we have implemented a system to monitor cloud configurations," stated the company in its apology and notice.
About the Author(s)
You May Also Like
Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024Finding Your Way on the Path to Zero Trust
May 22, 2024Extending Access Management: Securing Access for all Identities, Devices, and Applications
June 4, 2024Assessing Software Supply Chain Risk
June 6, 2024Preventing Attackers From Wandering Through Your Enterprise Infrastructure
June 19, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024