Toyota Australia owner’s personal information has been accidentally accessed publicly, the company has confirmed
Toyota said earlier this month The media data of 2.15 million users in Japan was made public by mistake.
Although Toyota Australia said at the time that local data was not included in the breach, it was later determined this was not the case.
“On May 12, Toyota Motor Corporation confirmed that the vehicle data of some users in Japan was publicly accessed due to a cloud-based database configuration error,” the company said. in a new statement.
“At the time of that announcement, we understood that no Australian data had been included, but after further investigation we now know that a relatively small number of Australian records have been compromised. affect.
“Our investigations found no evidence that the data was accessed and we have concluded that the likelihood of any third party being able to access the data is extremely low.
“While the data may include vehicle information, as well as some personal information such as name and some contact information, no personal financial details were included.
“Toyota Australia is aware of the concern this may cause for our customers and we are working to reach out directly to those affected to advise them on the situation and detail the possible solutions. measures we have taken to ensure the security of our systems and their data.
“We continue to be in contact with Toyota’s headquarters in Japan and we will provide updates if more information becomes available.”
Not only is customer information available to the public, the data – from its main cloud service platforms – is viewable for a decade due to human error on a report from Reuters.
The company said this data had been mistakenly set to public view and likely included details such as vehicle location and vehicle device identifiers.
“There is a lack of active detection mechanisms and operations to detect the presence or absence of things that have become public,” said a Toyota spokesperson. Reuters when asked how the violation went unnoticed for so long.
It started in November 2013 and lasted until mid-April this year.
The company is currently investigating all cloud environments managed by Toyota Connected Corp.
Toyota says it will introduce a system to audit cloud installations, set up a system to continuously monitor these, and train its employees on how to handle data securely.
This incident follows a similar T-Connect data breach that the company confirmed last October.
Toyota said 296,019 email addresses and customer numbers were likely leaked, affecting customers who signed up for the T-Connect website from July 2017 onwards.