Toyota Motor Corp has revealed a significant data breach that has left customer information exposed across Oceania and Asia, excluding Japan, for more than six years, Reuters tells us in a report.
The automaker stated that the data may have been publicly accessible from October 2016 to May 2023.
Critical Data Compromised by the Breach
The information that may have been externally accessible includes customers' names, addresses, phone numbers, email addresses, and vehicle identification and registration numbers.
The Economic Times tells us that this incident comes after Toyota's recent announcement that the vehicle data of 2.15 million users in Japan had been publicly available for ten years due to human error.
Following the earlier incident, Toyota launched a thorough investigation into its cloud environments managed by Toyota Connected Corp, leading to the discovery of the latest breach.
Error Caused Major Breach
The company attributed the cause to insufficient dissemination and enforcement of data handling rules and has now implemented a system to monitor cloud configurations.
Read also: UK Consumers Fall Victim to Facebook, Instagram Online Shopping Scams Every 7 Minutes: Study
The breach occurred due to a setting error in the cloud environment where customer data collected by overseas dealers for vehicle maintenance inspections was stored. Toyota is currently investigating the issue according to the laws and regulations of each affected country.
The automaker did not disclose the exact number of customers impacted by the breach, the specific countries involved, or whether customers of its luxury brand, Lexus, were affected.
Toyota Connected Corp, a majority-owned subsidiary of Toyota, offers mobility solutions to individual and business customers. These solutions include features such as a smart key function, a 24-hour operator, and location-based route guidance and traffic congestion information services.
Toyota Proceeds with Further Investigatio
According to Toyota, only a portion of customers' information may have been externally accessible. The company confirmed that it had conducted an investigation to determine if any third parties had copied or used the customer data but found no evidence of such use. Additionally, vehicle location and credit card information were not included in the breach.
While Toyota acknowledged that customer information "may have been potentially accessible externally," it did not provide further details on how this information could have been accessed.
Data Breaches At Alarming Numbers
Reuters also reports that the company initially discovered the breach by chance during inspections that began on April 7. Toyota is taking the breach seriously and is working diligently to address the issue and ensure the security of its customers' data.
This incident underscores the increasing threat of data breaches faced by companies across various industries. According to available data, 41.6M accounts were compromised in the first quarter of 2023 alone, almost twice as less as the 80.8M compromised in the previous quarter.
In the past, the company has experienced a number of data breaches. In February 2022, Toyota ceased all operations in its 14 domestic facilities due to a cyberattack that resulted in the loss of approximately 13,000 vehicles output.
As cybercriminals continue to target sensitive information, organizations must prioritize data security measures and invest in robust systems to protect customer data from unauthorized access.
Toyota's focus is now on rectifying the breach, ensuring compliance with relevant regulations, and strengthening its data handling protocols to prevent similar incidents in the future.
Stay posted here at Tech Times.
Related Article: Millions of Customer Records Exposed in Massive Data Breach Targeting Tire Company