Toyota warns of data leak risk for customers in Asia and Oceania.

Toyota Admits Customer Data May Have Been Publicly Accessible for Years

Toyota Motor Corp has revealed that customer information in some countries in Oceania and Asia may have been left publicly accessible from October 2016 to May 2023. The data breach included names, addresses, phone numbers, email addresses, and vehicle identification and registration numbers. This follows the announcement earlier this month that the vehicle data of 2.15 million users in Japan had been publicly available for a decade due to human error. Toyota is investigating the issue based on the laws and regulations of each country.

How the Incident Occurred

The issue arose due to a setting error in the cloud environment where the automaker stored customer data collected by overseas dealers for handling and managing maintenance inspections of vehicles. Toyota is investigating the issue based on the laws and regulations of each country, a company spokesperson said. Only part of customers’ information may have been externally accessible, the company said.

Toyota’s Response

Toyota has implemented a system to monitor cloud configurations to prevent similar incidents from happening in the future. The company is also investigating whether there were any third-party copies or use of its customer data and found no evidence of such use. Toyota said customer information “may have been potentially accessible externally” but did not elaborate on how the information could have been accessed.

Impact on Customers

Toyota did not disclose how many customers were affected by the incident, in which countries they are located exactly, and whether customers of its luxury Lexus brand were affected. However, the company said that vehicle location and credit card information were not included in the incident.

Toyota Connected Corp

Through Connected, which is majority owned by the automaker, Toyota offers individual and business customers mobility solutions, such as a smart key function, a 24-hour operator, and location-based route guidance and traffic congestion information services.

Toyota is taking this data breach seriously and is working to ensure that it does not happen again. The company has apologized for the incident and is committed to protecting its customers’ data.