Toyota discloses another user data leak
The breach has resulted in the exposure of sensitive customer information, including personal details such as names and home addresses.
Toyota faces a second data leak in less than three weeks, compromising sensitive customer information such as names and home addresses. The automaker has apologised and acknowledged that additional customer details managed by Toyota Connected Corporation (TC) were potentially accessible externally. The company attributed the incident to insufficient enforcement of data handling rules and has implemented a system to monitor cloud configurations.
The recent data leak, similar to the previous one in May, involved Toyota’s cloud systems as the primary source of exposure. The affected users were primarily in select countries in Asia and Oceania. Toyota disclosed the types of data exposed, including addresses, names, phone numbers, email addresses, customer IDs, vehicle registration numbers, and Vehicle Identification Numbers. The company noted that the level of exposure varied for each customer and that the data was likely accessible from October 2016 until May 2023.
While data pertaining to Japanese customers was leaked, Toyota clarified that the details could not be used to identify individuals or compromise vehicle access. This data leak adds to Toyota’s recent data security challenges, including previous incidents in Italy, and India and a long-term leak through its T-Connect customer app.
About author
DW Team
The GIP Digital Watch Observatory team, consisting of over 30 digital policy experts from around the world, excels in the fields of research and analysis on digital policy issues. The team is backed by the creative prowess of Creative Lab Diplo and the technical expertise of the Diplo tech team.