As the use of connected vehicles spreads worldwide, automobile giant Toyota has issued an apology after learning that for ten years, “misconfiguration of the Cloud environment” had allowed millions of customers’ incomplete data to become public.
Nearly 2.15 million customers in Japan, whose personal and vehicle information was posted online between November 6, 2013, and April 17, 2023, according to the manufacturer, will be notified about the glitch.
The exposed information reportedly includes registered email addresses, chassis, and terminal navigation numbers specific to each car, the location and time of each vehicle, and films from the car’s “drive recorder.”
“Since discovering this issue, we have taken steps to limit access from the outside, but we are still conducting investigations that include all cloud environments. Again, we apologize for causing our customers and linked parties such difficulty and worry,” the company stated.
Customers whose in-vehicle terminal ID, chassis number, location data, and time may have been compromised, will receive personalized apology letters and notices to the email addresses on file.
The Japanese juggernaut further added, “We will also establish a dedicated call centre to address inquiries and worries from clients.”
The company also claimed that the lack of adequate explanation and detail in the data handling regulations was the primary cause of this event.
A statement said that this time, customer information that would have been viewed from the outside would not be able to identify the customer solely based on this data, even if accessed from the outside.
“We haven’t verified any secondary use of customer information on the Internet by a third party, or whether or not there are any copies left, related customer information that may have been accessed from the outside, since the discovery of this situation,” the statement read.
On the back of the incident, the Australian division of the Japanese car giant has reassured local customers their information is safe.
As per Reuters, the data breach is Toyota’s third in less than 15 months, and has affected almost all Toyota and Lexus owners in Japan.
In Japan, Toyota’s connected services notify customers when their vehicle is due to be serviced, apart from possessing the ability to automatically contact emergency services in the event of a vehicle crash or to locate their cars after being stolen.
A spokesperson for Toyota told ‘Drive’ that the car giant’s latest data breach in Japan does not impact Australian customers.
“Toyota Australia is informed that the cloud service platforms are Japan-based and not linked to any services we offer in Australia and therefore no Australian customer or vehicle data has been compromised,” said the spokesperson.
Toyota’s tryst with data breaches
The latest Toyota data breach represents the third time the Japanese car giant getting affected by a cybersecurity flaw since the start of 2022.
In March 2022, the company was forced to shut down all of its 14 factories in Japan after its key parts supplier, Kojima Industries, was targeted by a major cyber-attack, through the production lines 24 hours after the incident.
In October of that year, almost 300,000 email addresses of Toyota customers in Japan who had signed up for the ‘T-Connect’ mobile app were found to be at risk of a cybersecurity breach.
Toyota Australia, which represents almost one in every five new cars sold annually in the country, has a clean track record, when it comes to cybersecurity, since 2019 when its local head office was targeted, but no customer data was compromised.