Toyota has discovered yet another data breach, in which the personal information of 260,000 car owners has been leaked over a seven-year period. This comes on the heels of a larger breach, in which the data of 2.15 million Toyota customers was available on the internet for over a decade due to a misconfigured cloud bucket.
The latest breach was discovered as part of an investigation into Toyota’s cloud services in the wake of the earlier breach. The cloud service, known as Toyota Connected, allows Toyota car owners to connect to internet services in their vehicles such as entertainment features, emergency assistance in an accident, and location services. However, the misconfigured cloud services led to customers’ information, including names, phone numbers, email addresses, and vehicle registration numbers, being externally accessible from October 2016 up until this month.
The car manufacturer has stressed that no financial or vehicle location-related data was included in the breach. However, the fact that this breach went undetected for seven years raises concerns about the security measures being used by Toyota.
Jason Kent, hacker in residence at Cequence Security, expressed his concerns about the breach, stating that “having this data exposed, and for so long, it should be assumed that all this data was compromised over and over … Since I haven’t been notified about my data being leaked, as a Toyota customer, I can assume it’s because they are taking a slow legal approach as well.”
The company has apologized for the breach and has assured customers that it has implemented a system to monitor cloud configurations. Toyota also believes that the breach was caused by insufficient dissemination and enforcement of data handling rules.
This latest breach underscores the importance of proper data handling and data security measures. It also highlights the need for companies to regularly review and assess their security protocols to ensure that they are not leaving themselves vulnerable to attack. With the increasing prevalence of cloud services and the growing amount of data being stored online, companies must prioritize data security to avoid the negative impacts of a breach, including reputational damage and potentially significant financial damage due to litigation and regulatory penalties.
As for Toyota customers, it is important for them to remain vigilant and proactive about protecting their personal information. This includes regularly monitoring their credit reports and online accounts, as well as staying informed about any potential data breaches or security incidents. By staying informed and taking appropriate precautions, customers can help minimize the impact of a data breach and protect themselves against the potential negative consequences.