Toyota – the world’s biggest car-maker by volume – has reported its third major cybersecurity breach in less than 15 months, with vehicle data from more than 2.1 million Japanese customers exposed across a 10-year period.
The Australian division of Japanese car giant Toyota has reassured local customers their information is safe, following the discovery that private vehicle data from more than 2.1 million customers in Japan has been publicly available for a decade.
News agency Reuters reports the data breach – Toyota’s third in less than 15 months – has affected almost all Toyota and Lexus owners in Japan who have used the company’s cloud-based ‘Connected services’ between January 2012 to April 2023.
In Japan, Toyota’s Connected services can notify customers when their vehicle is due to be serviced, automatically contact emergency services in the event of a crash or locate their car after it has been stolen.
A spokesperson for Toyota Australia told Drive the car giant’s latest data breach in Japan does not impact local customers.
“Toyota Australia is informed that the cloud service platforms are Japan-based and not linked to any services we offer in Australia and therefore no Australian customer or vehicle data has been compromised,” said the spokesperson.
According to Reuters, the latest data breach – which has been attributed to “human error” – resulted in the vehicle identification numbers and locations of approximately 2.15 million cars being available to the public for more than a decade.
A spokesperson for Toyota Japan said there had been “no reports of malicious use” from the exposed information.
“There was a lack of active detection mechanisms, and activities to detect the presence or absence of things that became public,” a Toyota Japan spokesperson told Reuters.
The latest Toyota data breach represents the third time the car giant has been affected by a cybersecurity flaw since the start of 2022.
In March 2022, Toyota was forced to shut down all of its 14 factories in Japan after its key parts supplier – Kojima Industries – was targeted by a major cyber attack, though the production lines restarted the next day.
In October 2022, almost 300,000 email addresses of Toyota customers in Japan who had signed up to the T-Connect mobile app were found to be at risk of a cybersecurity breach. At the time, the car-maker did not confirm nor deny whether the information had been accessed by scammers.
Toyota Australia – which represents almost one in every five new cars sold annually – has not experienced a cyber attack since 2019 when its local head office was targeted, but no customer data was compromised.
The post Toyota data breach: Millions of Japanese owners affected, Australia safe for now appeared first on Drive.