Toyota faces a second data leak in less than three weeks, compromising sensitive customer information such as names and home addresses. The automaker has apologised and acknowledged that additional customer details managed by Toyota Connected Corporation (TC) were potentially accessible externally. The company attributed the incident to insufficient enforcement of data handling rules and has implemented a system to monitor cloud configurations.
The recent data leak, similar to the previous one in May, involved Toyota's cloud systems as the primary source of exposure. The affected users were primarily in select countries in Asia and Oceania. Toyota disclosed the types of data exposed, including addresses, names, phone numbers, email addresses, customer IDs, vehicle registration numbers, and Vehicle Identification Numbers. The company noted that the level of exposure varied for each customer and that the data was likely accessible from October 2016 until May 2023.
While data pertaining to Japanese customers was leaked, Toyota clarified that the details could not be used to identify individuals or compromise vehicle access. This data leak adds to Toyota's recent data security challenges, including previous incidents in Italy, and India and a long-term leak through its T-Connect customer app.