Toyota Motor Corporation has revealed that two additional misconfigured cloud services exposed car owners’ personal information for over seven years. The discovery came after a thorough investigation conducted by the company on all cloud environments managed by Toyota Connected Corporation.
The first cloud service exposed personal information of Toyota customers in Asia and Oceania, including names, addresses, phone numbers, email addresses, customer IDs, vehicle registration numbers, and Vehicle Identification Numbers (VINs).
Furthermore, the second cloud instance contained less sensitive data related to car navigation systems and impacted approximately 260,000 customers in Japan who subscribed to specific navigation systems between February 2015 and March 2022.
Although the extent of the impact on customers has not been clarified by Toyota, the company assured that data entries were automatically deleted from the cloud environment after a certain period.
Additionally, Toyota claims that even if the data was accessed externally, it would not provide enough information to identify customers or access their vehicle systems. To prevent future leaks, Toyota has implemented a monitoring system that regularly checks cloud configurations and database settings across all environments.
This incident highlights the importance of proper cloud security configurations and the potential risks associated with misconfigured services. It serves as a reminder for companies to regularly assess and strengthen their security measures to protect customer data.
Finally, Toyota’s prompt investigation and commitment to implementing preventive measures demonstrate their dedication to addressing the issue and safeguarding customer information moving forward.