Toyota has admitted to the second data breach, personal information has been publicly accessible since 2016


This revelation from Toyota comes just two weeks after the company said 2.15 million Japanese customers had their vehicle data exposed

Toyota revealed that private information from customers in Japan, as well as other countries across Asia and Oceania, was publicly accessible due to two separate incidents.

In the case affecting customers in Asia and Oceania, the automaker says some of the files managed by Toyota Connected Corporation in the cloud for maintenance requirements and systems investigation by overseas dealers were actually accessible externally “due to a misconfiguration.”

While the Japanese automaker has not said how many customers are affected, it says customer details including addresses, names, phone numbers, email addresses, customer IDs, vehicle registration numbers and vehicle identification numbers can be accessed externally. This information was publicly available between October 2016 and May 2023.

Speaking to Reuters, a Toyota spokesperson confirmed that the automaker is investigating the matter based on each country’s laws and regulations.

Regarding the second incident, this time limited to Japan, Toyota revealed that approximately 260,000 customers using Lexus G-Link connected services had vehicle details publicly available, including vehicle identification numbers, map data updates and more mapping systems. This leak does not include any data that can be used to identify the owners. Information may have been available for viewing between February 9, 2015 and May 12, 2023.

These two leaks come just weeks after Toyota revealed that the vehicle data of 2.15 million customers in Japan was publicly accessible between November 2013 and April 2023. The brand believes the two latest incidents were “caused by insufficient dissemination and enforcement data rules’ and revealed that since the first leak in mid-May, it has ‘implemented a system to monitor cloud configurations’.

Toyota says it found no evidence of secondary use of the information it made available, nor did it find copies of the third-party information.


Please enter your comment!
Please enter your name here