According to Reuters, Toyota Motor Corporation has admitted to a huge data breach that has left customer information exposed throughout Oceania and Asia, with the exception of Japan, for more than six years. According to the information provided by the manufacturer, the data may have been available to the general public between October 2016 and May 2023. Customers’ names, addresses, phone numbers, and email addresses, as well as their car identification and registration numbers, were among the types of information that may have been seen by unauthorized third parties.
This event follows Toyota’s previous admission that the car data of 2.15 million customers in Japan had been made publicly accessible owing to human mistake for a period of 10 years. Because of the former occurrence, Toyota initiated a comprehensive investigation into its cloud environments, which were handled by Toyota Connected Corp. This ultimately led to the discovery of the most recent security breach. The firm determined that the problem was caused by a lack of proper distribution and enforcement of rules governing the processing of data, and it has since put in place a mechanism to monitor cloud setups.
An incorrect setup in the cloud environment, which was used to store customer data that was obtained by foreign dealers for car maintenance inspections, was the cause of the breach that happened. At this time, Toyota is conducting an investigation into the matter in accordance with the legal requirements of each impacted nation. The automobile manufacturer did not identify the precise number of clients whose information was compromised, the particular nations that were affected, or whether or not the hack affected customers of its premium brand, Lexus.
According to Toyota, just a small percentage of the information pertaining to consumers may have been viewable from the outside. It was verified by the business that an investigation had been carried out to ascertain whether or not any third parties had copied or utilized the customer data, but the inquiry turned up no evidence of such usage. In addition, the leak did not contain information about the location of vehicles or credit card information. Despite the fact that Toyota admitted that customer information “may have been potentially accessible externally,” the company did not disclose any more information on the means by which this information may have been acquired.
According to another story by Reuters, the corporation found out about the security vulnerability for the first time by complete accident when doing checks beginning on April 7. The data breach has been taken seriously by Toyota, and the company is making every effort to resolve the problem and maintain the safety of its customers’ information.
This event highlights the growing danger of data breaches that firms across a variety of sectors confront. According to the data that is currently accessible, there were 41.6 million hacked accounts in only the first quarter of 2023, which is approximately half as many as the 80.8 million compromised accounts in the previous quarter.The firm has, in the past, been the victim of many unauthorized data accesses. Because of a cyberattack that took place in February 2022, Toyota was forced to shut down all operations in its 14 domestic factories, which resulted in the loss of production of around 13,000 automobiles.
As long as sensitive information remains a target for hackers, businesses have little choice but to prioritize data security measures and make investments in secure systems in order to safeguard consumer information from unauthorized access. At this point, Toyota’s primary priority is on fixing the breach, ensuring compliance with any applicable rules, and improving its data handling practices in order to reduce the likelihood of future events of a similar kind.
Information security specialist, currently working as risk infrastructure specialist & investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.