Toyota identifies potential data leak risk for customers in Asia and Oceania
Toyota Motor Corp has revealed that customer information in select countries in Oceania and Asia, excluding Japan, may have been left vulnerable and publicly accessible between October 2016 and May 2023. The exposed customer data includes details such as names, addresses, phone numbers, email addresses, and vehicle identification and registration numbers. This recent incident follows Toyota’s earlier announcement that vehicle data of 2.15 million users in Japan had been publicly available for a decade due to human error.
Toyota launched a comprehensive investigation into its cloud environments managed by Toyota Connected Corp, which led to the discovery of this latest data leak risk. The automaker attributed the issue to a configuration error in the cloud environment where customer data collected by overseas dealers for vehicle maintenance inspections was stored. To address this problem, Toyota has implemented a monitoring system for cloud configurations and acknowledges that insufficient dissemination and enforcement of data handling rules contributed to the incident.
Toyota is conducting further investigations into the matter, adhering to the laws and regulations of each affected country. The automaker has not disclosed the exact number of affected customers, the specific countries involved, or whether customers of its luxury brand Lexus were impacted. Toyota Connected, in which Toyota holds a majority stake, offers various mobility solutions to individual and business customers, including services like smart key functions, 24-hour operators, and location-based route guidance.
While Toyota has stated that only a portion of customer information may have been externally accessible, the company has not provided specific details on how the information could have been accessed. However, Toyota assured customers that there is no evidence of third-party copies or unauthorized use of their data. Notably, vehicle location and credit card information were not included in the exposed data.
The initial discovery of this data leak risk occurred during routine inspections conducted by Toyota starting in April 2023. Moving forward, Toyota is committed to strengthening its data handling practices and ensuring the security and privacy of its customers’ information.