autoevolution
 

Toyota Says Even More Customer Info Was Exposed in Historic Security Blunder

Toyota's historic data breach, which exposed the information of some 2.15 million drivers, also included the records belonging to certain Australian customers.
Toyota says Australians were also exposed by the breach
Photo: Bogdan Popa/autoevolution
The Japanese carmaker confirmed the security incident back in May when it discovered that a database misconfiguration exposed the data of Japanese customers.

At that point, Toyota said only drivers in Japan were impacted, but according to a recent statement, Australian customers were affected as well.

The carmaker confirmed in a statement that only "a small number of Australian records have been impacted," and admitted that the exposed data may include vehicle and personal information, such as names and contact details. On the other hand, no financial details were exposed.

Furthermore, Toyota says it found no evidence that the data has been accessed by a third party. According to the initial findings, the Connected service exposed the information, as an online server was left unprotected without a password.

Once it became aware of the security blunder, Toyota safeguarded the server, setting up a password to make sure no unauthorized access takes place. It also conducts audits to determine the security protections currently in place on its servers.

According to the carmaker, the data was exposed beginning in November 2013. The flaw was eventually patched in April this year when the company became aware of the mishap.

The good news is that the exposed information did not include sensitive information, but on the other hand, it's still worrying that a company the size of Toyota failed to detect a security problem for so long. According to Toyota's timing information, the data was left unprotected, without a password, for close to 10 years before somebody discovered what the carmaker called a human error.

At the same time, Toyota determining that customers in other countries were affected by the breach could also raise more questions about whether the exposed data covers more regions. The carmaker says it's already looking for potential security issues on all cloud platforms managed by Toyota Connected in an attempt to determine whether more data might be exposed to third-party access through the misconfigured database.

At this point, however, no information has been discovered in this regard, and Toyota insists that it found no evidence of third-party access to the misconfigured server. As such, the company says the likelihood of someone accessing the exposed data is extremely low.

At the time of writing, Toyota says customers shouldn't do anything, as the mishap did not expose sensitive information such as credit card details and other financial data. On the other hand, customers who believe someone is trying to use the information that might have been obtained from Toyota's server are strongly encouraged to reach out to the company for additional information on what to do next.
About the author: Bogdan Popa

Bogdan keeps an eye on how technology is taking over the car world. His long-term goals are buying an 18-wheeler because he needs more space for his kid’s toys, and convincing Google and Apple that Android Auto and CarPlay deserve at least as much attention as their phones.