How data of over 2 million Toyota customers got leaked
Toyota, along with its luxury car division Lexus, has compromised the data of over two million car owners in Japan. As per the company, the data belongs to all the customers who signed up for cloud service platforms since 2012. The customer and vehicle details have been public for several years now. So how did such a leak happen?
Why does this story matter?
Toyota is one of the top three carmakers across the globe, producing on average 10 million vehicles per year. The multinational automotive manufacturer is known for providing cars with reliable and frugal powertrains. However, this data leak raises questions about data management at Toyota. According to the company, it will introduce a raft of security measures to strengthen its IT infrastructure.
Human error caused the data leak
A Toyota spokesperson told Reuters that the issue began in November 2013 and the leak was finally addressed in mid-April this year. The reason behind the data leak was human error. A person set the cloud system containing customer information to public instead of private. The leak is said to include details such as vehicle locations and identification numbers of vehicles, among other things.
How did the leak go unnoticed for so many years?
While the data of vehicle owners has been public since 2013, the company claims that there have been no reports of any malicious use. One wonders why it took so long to find the error. As per Toyota, there was a "lack of active detection mechanisms and activities to detect the presence or absence of things that became public."
Who is affected by the leak?
The affected customers are those who signed up for Toyota's T-Connect service which provides AI voice-enabled driving assistance, auto connection to service centers, and emergency support. Owners of Lexus vehicles who have subscribed to cloud-based G-Link service are also affected. To improve its IT infrastructure, Toyota said it would audit and monitor cloud settings and rigorously train employees on data handling.
This happens to be the second major incident for Toyota
It is the second major incident for Toyota after a company's subcontractor uploaded the T-Connect apps source code to a public GitHub repository in 2022. It included an access key to its data server that contained the personal information of over 296,000 customers.
