In May this year Toyota Motor Corporation (TMC) in Tokyo issued a formal apology and explanation related to "potential data leakage", exposing vehicle and customer information to outside sources due to "misconfiguration of (a) Cloud environment".
Initial investigations pointed to only Japanese domestic market customers being impacted, but now owners in Asia and Oceania, including Australia, have been identified as being at risk.
The primary leak concerned approximately 260,000 Japanese market Lexus customers connected to G-Book and G-Link on-demand navigation map update services, with in-vehicle terminal ID, chassis number, vehicle location information and time-of-day data exposed for up to eight years.
According to Toyota, services using this system have been terminated and the company says these data alone can not identify an individual customer or be used to access or affect a vehicle.
A subsequent investigation of all Cloud storage environments managed by Toyota was undertaken, and confirmed data containing customer information "had been potentially accessible externally", the situation caused by "insufficient enforcement of data handling rules".
Through dealer maintenance and investigation systems a relatively small number of Australian owners (less than 3000) may have had address, name, phone number, email address, customer ID, vehicle registration and Vehicle Identification Number details exposed.
TMC says, "For impacted customers, not all but some of the above information is included depending on the inquiry file. After this matter was discovered, we took steps to block access from outside the company."
The period the site involved was potentially accessible externally was October, 2016 to May, 2023.
In response, new systems to monitor Cloud configurations have been set up and TMC says there is no evidence of secondary use or third-party copies of the data being made.
When asked about implications for local Toyota and Lexus owners a Toyota Australia spokesperson told CarsGuide, "On 12 May, Toyota Motor Corporation confirmed that the vehicle data of some users in Japan had been publicly accessible due to an error in the configuration of a cloud-based database.
"At the time of that notification, it was our understanding that no Australian data was included but, upon continued investigation, we now know that a comparatively small number of Australian records have been impacted.
"Our investigations have found no evidence that the data has been accessed, and we have concluded that the probability is extremely low that any third party could have accessed it.
"While the data may include vehicle information, as well as some personal information such as names and some contact information, no personal financial details are included.
"Toyota Australia recognises the concern that this may cause to our customers, and we are working to contact directly those impacted to advise them of the situation, and to detail the measures that we have taken to ensure the security of our systems and their data.
"We continue to liaise with Toyota head office in Japan, and we will provide updates should additional information become available."
Is the 2024 Nissan Patrol an overlooked 4WD?...
Comments