Toyota data leak exposes drivers’ details – again


Toyota admitted to a second data leak in less than three weeks, with the automaker exposing drivers’ sensitive details such as name and home address.

The Japanese automaker issued an apology, admitting that an investigation into the May 12th data leak revealed that additional customer information managed by Toyota Connected Corporation (TC) “had also been potentially accessible externally.”

“As we believe that this incident was also caused by insufficient dissemination and enforcement of data handling rules, since our last announcement, we have implemented a system to monitor cloud configurations,” Toyota said in a statement.

Earlier in May, the company admitted leaving its primary cloud service publicly available for over a decade, putting more than 2 million clients at risk. The cloud system was accidentally set to public instead of private due to human error.

The recently acknowledged incident is remarkably similar, with the company’s cloud systems once again the primary venue for customer data exposure. Toyota said that most affected users were in “some countries in Asia and Oceania.”

“Some of the files that TC manages in the cloud environment for overseas dealers’ maintenance and investigation of systems were potentially accessible externally due to a misconfiguration,” the company said.

What did Toyota leak?

According to Toyota, the exposed user data includes:

  • Address
  • Name
  • Phone number
  • Email address
  • Customer ID
  • Vehicle registration number
  • Vehicle Identification Number

Toyota stressed that the level of exposure varies from client to client, and not everyone had all their details left accessible. The company added that the data was likely accessible from October 2016 until May 2023.

“We will deal with the case in each country in accordance with the personal information protection laws and related regulations of each country,” Toyota said.

The statement also included details on the data the company exposed in Japan. However, Toyota said none of the leaked details of its Japanese customers could be used to identify individual customers, or to access or otherwise affect vehicles.

Toyota’s data security has hit a rough patch recently. For example, in February 2023 the Cybernews research team discovered that the company’s Italian branch accidentally leaked access to its marketing tools.

Last year, Toyota confirmed a data leak affecting nearly 300,000 customers, including email addresses and client management numbers. Exposed via its customer app T-Connect after a developer posted source code on GitHub, the data had been leaking for five years.

This January, Toyota Motor’s Indian business disclosed a data breach, saying some customers’ personal information might have been exposed.

Toyota is one of the biggest vehicle manufacturers worldwide, with over 370,000 employees and about $267 billion in revenue last year.