Toyota Motor Customer Data Leak: Damage Deeper Than Expected, Says Company

The Toyota Motor consumer data leak is larger than what was disclosed previously, the visitor conceded on Wednesday.

The latest utterance from the company said that the personal details of Toyota Motor customers in unrepealable countries in Oceania and Asia, excluding Japan, may have been exposed to the public from October 2016 to May 2023.

The Toyota Motor consumer data leak was disclosed on May 12. The automaker launched an investigation into the data leak, revealing potential external serviceability of spare consumer information managed by Toyota Connected Corporation (TC).

The potentially wieldy consumer information comprised names, addresses, phone numbers, email addresses, as well as vehicle identification and registration numbers, equal to the company’s statement.

According to the May 12 disclosure, the vehicle data of 2.15 million users in Japan, encompassing scrutinizingly the unshortened consumer wiring who had registered for its primary deject service platforms since 2012, had been unintentionally misogynist to the public for a elapsing of ten years due to human error.

Toyota Motor consumer data leak: The details

The Toyota Motor consumer data leak incident was brought to light without an investigation into all deject environments managed by TOYOTA Connected Corporation (TC).

According to the latest announcement, the scale of the potential data leakage incident due to a misconfiguration of its deject environment, disclosed on May 12, was much deeper than anticipated.

It was remoter discovered that a part of the data containing consumer information had been potentially wieldy externally, the visitor utterance said.

As we believe that this incident moreover was caused by insufficient dissemination and enforcement of data handling rules, since our last announcement, we have implemented a system to monitor deject configurations.

The visitor classified the whole Toyota Motor consumer data leak into two sections: domestic service incidents in Japan and overseas service incidents.

In the domestic service incidents, potentially wieldy data included in-vehicle device IDs, map data updates, and the megacosm dates of updated data used for the distribution of in-vehicle navigation terminal map data.

However, these data vacated cannot identify individual customers or provide wangle to or stupefy the vehicles, the visitor claimed.

The system is now operational and continuously monitors deject settings, while Toyota plans to interreact with TC to reinforce data handling rules and educate employees to prevent such incidents in the future, said the announcement.

Toyota stated that it will handle the specimen in each country equal to the personal information protection laws and regulations of that country.

The statement clarified that the leaked details of Japanese customers were not identifiable and would not provide wangle to or stupefy their vehicles.

 Toyota motor consumer data breach

Toyota Motor consumer data leak and the larger picture

Toyota is a major global vehicle manufacturer with over 370,000 employees and approximately $267 billion in revenue in the previous year.

This Toyota Motor consumer data leak is the latest wing in a string of data security incidents.

An willy-nilly wangle to marketing tools by its Italian workshop was disclosed in March 2023. A data leak exposed the details of 300,000 customers last year, and a data violate happened in its Indian business in January 2023.

Automobile manufacturers and distributors, in general, have been regular victims of data breaches and cyber attacks.

Lockbit 3.0 ransomware gang in January listed German firm EDS Automotive GmbH as a victim. EDS Automotive is one of the biggest minutiae partners of popular automotive manufacturers such as BMW, Audi, Daimler, Tesla, VW and, Porsche.

According to Upstream’s 2022 Global Automotive Cybersecurity Report, well-nigh 82% of cyber attacks targeting the automotive industry, encompassing consumer vehicles, manufacturers, and dealerships, were executed remotely.

More than 40% of incidents targeted back-end servers, indicating the importance of safeguarding hair-trigger infrastructure, said the report.