Toyota again leaks customer data through unsecured cloud database

Spread the love

Toyota says that data from another 260,000 Japanese customers was public for years due to an error in the cloud system. The company discovered the breach after an investigation into another unsecured database containing data from two million customers.

The data was “potentially accessible externally due to a misconfiguration” in the cloud system, Toyota wrote in a post on his site. This concerns data from Japanese customers who purchased their car in December 2007 at the earliest. These were public between February 2015 and May 2023. This concerns map data and IDs from the G-Book and G-Link navigation systems in the car. According to Toyota, that information is not enough to identify individual users. The data also does not include vehicle locations.

In addition, during the same period, personal information of an undisclosed number of users in a number of countries in Oceania and Asia, excluding Japan, was exposed. This is also blamed on a database misconfiguration. The precise data varies per customer, but may include addresses, names, telephone numbers, email addresses, customer IDs, and vehicle registration and identification numbers, Toyota said.

The company says it has found no evidence in either case that data was actually viewed or copied. According to the manufacturer, the leaks have now been closed.

Last month, Toyota reported that the database of one of its cloud services had been online without a password for ten years. That database contains information on 2.15 million Japanese customers who use Toyota’s T-Connect service. Following that breach, the company launched an investigation into its other cloud environments, which led to the discovery of these two additional breaches. The company says it has now implemented a system that monitors cloud configurations.

You might also like