According to the automaker, this breach was also a result of database misconfiguration of its cloud environment which are managed by TOYOTA Connected Corporation (TC). The cloud service company features a subscription model which allows Toyota customers to use internet in cars to access audio, multimedia, location services and emergency assistance. The customer and vehicle information which was publicly available could be accessed by anyone who knew where to search. ‘’Vehicle registration number, vehicle ID, customer name, email ID, address, and phone number of customers in some countries in Asia and Oceania (Japan is not included) was exposed between October 2016 – May 2023,’’ said the notification. The company said that this incident was the result of insufficient dissemination and enforcement of data handling rules. To avoid recurrence, on an ongoing basis, checks and maintenance of cloud environments are being conducted. Additionally, the company would be investing in the training and education of TC employees regarding data handling rules to ensure safety of customer information. In its statement, the company also issued an apology to all the affected customers and assured that no third-party had accessed the data nor any copy of it was found on the internet. However, at present the company could not confirm if vehicle location and credit card information was also a part of the leak. This notification comes right after an earlier statement released by the company in May this year about the exposure of 1.15 million Japanese customers’ data.
