Toyota reported that owing to a cloud configuration issue, the private information of over 2 million of its customers was “publicly” available for 10 years.
Toyota disclosed in a significant announcement that the private information of more than 2 million customers in Japan was “publicly” available for 10 years owing to a cloud configuration issue. A vulnerability that existed between November 2013 and April of this year could have affected around 2.15 million subscribers. This is seen as a major issue with potentially devastating repercussions.
Toyota claims the data leak was caused by a misconfigured setting in the cloud environment as well as human error. It is thought that one of the company’s employees adjusted the access level of a cloud system to “public” by accident. Customers of G-Link and the T-Connect network are alleged to have been affected. G-Link is a valuable service for Lexus owners that provides emergency assistance. As a result, a sizable number of people are affected.
“Externally viewable customer information does not identify the customer based on this data.” We have been unable to verify whether customer information has been exploited by a third party on the internet since the discovery of this vulnerability.”
Toyota has announced several modifications to its cloud processes in response to this cybersecurity concern. The corporation emphasizes that new technologies will be developed to regularly audit cloud settings. This is also Toyota’s second data leak. It was disclosed in October 2022 that data belonging to an average of 300,000 consumers had been exposed after an access key had been left publicly available on the GitHub platform for 5 years. The problem was claimed to have disrupted the T-Connect service, affecting 296,19 consumers.