May 31, 2023, updated 01 Jun 2023 12:38am

More Toyota driver data found online

A second breach of the company's cloud system led to more customer information being freely available to access online.

By Claudia Glover

Toyota has confirmed a second batch of customer data has been exposed online and appears to have been available since October 2016. It is the second data breach at the automaker in a matter of weeks, and both issues are said to have been caused by incorrect “enforcement of data handling rules”. 

Second cache of Toyota data found publicly accessible online in a month. (Photo by Boykov/Shutterstock)

The information includes names, addresses, phone numbers, email addresses and vehicle identification details, Toyota said today. It was available to access via an unsecured cloud server.

Toyota discovers second driver data breach

Today’s announcement says the latest Toyota data breach was caused by “insufficient dissemination and enforcement of data handling rules”. The problematic server has now been secured, the statement added.

It is the second such incident at Toyota in a matter of weeks. On May 12, the company announced that vehicle data from 2.15 million users in Japan, most of whom had signed up for its main cloud services platform since 2012, had been available to the public.

“There was a lack of active detection mechanisms and activities to detect the presence or absence of things that became public,” a Toyota spokesperson said at the time. 

Toyota has since introduced active detection to its network, and this led to the latest problem being discovered.

“Subsequently [to the initial discovery] we conducted an investigation for all cloud environments managed by Toyota Connected Corporation [the company’s technology arm],” the spokesperson said. “It was further discovered that a part of the data containing customer information had been potentially accessible externally.”

The issue was caused by a setting error in the company’s cloud environment, and led to the exposure of customer data collected by overseas dealers for handling and managing vehicle maintenance inspections.

Customers affected are being contacted via email and phone today. A separate hotline has been organised to deal specifically with any worries caused. 

“We will deal with the case in each country in accordance with the personal information protection laws and related regulations of each country,” Toyota said.

Toyota cybersecurity problems mount

Toyota, the world’s largest car company by sales, has become a regular target for hackers. 

Security researcher Eaton Zveare said in February that he had gained access to Toyota’s Global Supplier Preparation Information Management System (GSPIMS), a web app used by Toyota employees and their suppliers to coordinate projects, parts, surveys and other tasks related to the global Toyota supply chain.

“I discovered what was essentially a backdoor login mechanism in the Toyota GSPIMS website/application that allowed me to log in as any corporate Toyota user or supplier just by knowing their email,” explained Zveare in his blog.

He reported everything he found to the company. “In seven days, I reported four different security issues to Toyota, all of which were classified as ‘critical’,” he said. 

In February of last year, the company experienced a less benign intrusion. It was forced to shut down its plants in Japan after a supplier, Kojima Industries, fell victim to a cyberattack.
