Toyota customers in Asia, Oceania exposed in second data leak due to setting error
Take action: If you have one leak, you probably have more - simply because there is a good chance of a repeated mistake. When addressing a misconfiguration, don't focus only on the immediate problem. Expand the review to all resources, to confirm whether there are other exposed components.
Learn More
Toyota Motor Corp has issued a statement regarding the discovery of a data leak for customers in Asia and Oceania (excluding Japan). This statement arrives in the wake of the data leak of 2 million vehicles from Japan.
After the initial data leak was discovered, Toyota has implemented mechanisms to scan for exposed data in their environment. This new discovery is most probably a detection of that mechanism which has reported other forgotten exposed elements of Toyota's infrastructure.
The exposed data is related to overseas dealers' maintenance and investigation of systems affecting customers in countries in Asia and Oceania. It's estimated that this breach exposes data of 260,000 individuals.
The expoded data includes personal information such as names, phone numbers, email IDs, addresses, vehicle identification numbers, and registration numbers may have been accessible externally between October 2016 and May 2023, however, the company reassures customers that their vehicle location and credit card information were not affected.
After this matter was discovered, Toyota reports taking steps to block access from outside the company.
Toyota attributes the incident to insufficient enforcement of data handling rules and has implemented a monitoring system for cloud configurations.
