Toyota has disclosed that customer information from Japan and other countries in Asia and Oceania was publicly available due to two incidents.
Toyota undertook a rigorous evaluation of its cloud settings following a prior incident in which information on over 2 million automobiles in Japan was exposed. It then discovered another instance affecting around 260,000 clients.
This breach revealed in-vehicle device identifying numbers and map data from the cars’ navigation terminals. The exposed data did not indicate the location of the cars or identify specific customers, but it could still be used to get access to the vehicles.
One breach was caused by a misconfiguration in Toyota Connected Corporation’s cloud infrastructure. Customers’ names, addresses, phone numbers, and car information were among the information revealed. From October 2016 until May 2023, the information was available to the public.
Customers who used their G-BOOK service with compatible navigation systems, as well as those customers who renewed their Maps on Demand subscription, were also impacted by the second incident. It was linked to a prior hack using G-Link technology, which was utilized in Lexus automobiles. The services in question were used between February 9, 2015, and May 12, 2022.
Toyota stated that it will notify affected customers through email and set up a call center to address any questions or concerns.
The sources for this piece include an article in TheRecord.