Toyota mishandled user data by publishing over 2 million user info online

From time to time, there are reports of a data breach which leads to the leak of millions of user data. However, it is less common that a company will publish millions of user data online, not intentionally anyway. Toyota Motor announced a cybersecurity case which involves its subsidiary, Toyota Connected. In error, the company set part of the info about 2.15 million users online. Toyota said in a statement that the breach of user data was caused by a setup error in the cloud service. The leaked content includes vehicle serial numbers and location info. Toyota responds that the data was used for internal admin purposes and would not be traced to the user. 

Toyota electric vehicles

From the reports so far, the data breach covers orders for Toyota T – Connect, G – Link, G – Link Lite and G – Link from Jan. 2, 2012, to April 17, 2023. About 2.15 million users of the BOOK telematics service. Also affected is dash cam footage uploaded to the cloud using an enterprise service provided by Toyota Connect. This is also publicly accessible on the Internet, from Nov. 14, 2016, to April 4, 2023. The company also said that the system bug has now been fixed. Also, there is no evidence that any data from the pool was used illegally.

Leaked Data were all from Japan

According to Reuters, the car data from the Toyota leak were all from Japan. This makes up almost all users that have had an active account with the company’s cloud service since 2012. For over a decade, this data has been available online.

In addition to regular Toyota cars, the leak also affects users of its luxury brand Lexus. A spokesperson for Toyota said

“There was a lack of active detection mechanisms, and activities to detect the presence or absence of things that became public,”

Toyota electric vehicles

Moving forward, the company claims to work on a system to check its cloud settings. Toyota also claims to monitor its settings from time to time (often) and teach staff how to handle users’ data. There are also reports that the Personal Information Protection Commission is aware of the issue. However, there is no official comment because it does not comment on single issues.

From time to time, we hear reports of users data breaches in Japan just as it is in other parts of the world. Mobile service provider NTT DoCoMo (9432.T) stated in March that data of up to 5.29 million users may have been hacked by a company to which it had outsourced services.

This event is only one of several issues facing Koji Sato, who replaced Akio Toyoda, the grandson of the company’s founder, as Toyota CEO on April 1. Since he took office, Toyota has faced issues with its affiliate Daihatsu’s safety testing and received a shareholder petition from three European fund managers.

History of User Data Breach Involving Toyota

Toyota, one of the world’s largest car brands, has been hit by a couple of data breaches over the years. In this section, we will look at the history of user data breaches that involve Toyota with interest in the most recent cases. 

Toyota electric vehicles

2019 Data Breach

In 2019, Toyota was hit with a data breach that affected the sales info of almost 3.1 million users. Hackers breached Toyota’s IT systems and gained fake access to servers that contains sales info. The stolen data include names, birth dates, and job info of Toyota staff. The company stated that no credit card info was stolen in the breach.

The Toyota data breach had a severe impact on the company. After the event, many of its users expressed fears and concerns about the safety and security of their personal info. The breach led to a public relations crisis for the company. Of course, Toyota faced criticism for its handling of the whole event. The events also show the importance of data protection and cybersecurity. It also made many users become more cautious about how they share their personal info with companies.

However, Toyota was quick to respond to the data breach. The company issued a statement that states that it is aware of the issue and also told users that it is taking steps to take care of the issue. The company also set up a hotline for users to call if they had concerns or questions about the breach. In addition, a service to monitor the credit info of users was also set up by Toyota to protect their finances.

2022 Data Breach

In October 2022, Toyota announced a data breach that may have exposed the emails of up to 300,000 customers for a period of time. The company stated that the breach was caused by a third – party vendor who had access to Toyota’s systems. The vendor’s system was hacked, which led to the exposure of Toyota’s user data. Toyota stated that it had taken steps to prevent similar issues from happening in the future. This data breach did not cause as much fuss as the 2019 case did. The reason is quite obvious, it affects a far lesser number of people. 


Impact of the Data Breaches

The data breaches have had a huge impact on Toyota’s ego and user trust. The company has faced criticism for its handling of data breaches and for not doing enough to protect its users’ data. The breaches have also exposed the weakness of Toyota’s IT systems and the need for better security measures.

Final Words

Toyota has been hit by several data breaches over the years, which have exposed the info of millions of users. The company has, however, taken steps to prevent similar cases from taking place in the future. In spite of this, the breach of user data had a huge impact on the face of Toyota as well as its user trust. It is quite good for car brands to take the safety of their user data very seriously.

Leave a Comment