Toyota found another misconfigured database of sensitive customer information that anyone who knew where to look would have access.
In a statement, Toyota said it had uncovered a new data breach after a separate misconfigured database containing sensitive information about more than two million customers was discovered earlier this year and was believed to have remained unsecured for about a decade.
This newly discovered batch contained details of 260,000 car owners, including device IDs in vehicles and map data displayed on the car’s navigation system. Given that it is a pseudonym, it is almost impossible to link it to real people without additional data from a separate source.
Toyota Customer Violation
However, most of the affected customers are said to be in Japan, with an undisclosed number living in other parts of Asia and Oceania. Information such as names, postal and email addresses, as well as Toyota-issued customer identification numbers and vehicle registration/ID numbers have been disclosed to some of these customers.
Affected customers have been purchasing their Toyotas since December 2007, and the data was disclosed between February 2015 and May 2023.
While this is definitely a dangerous slip-up, there seems to be good news – Toyota says there is no evidence that anyone has found the database before, as the records do not indicate any exfiltration attempts. The company did not explain how it determined this.
So far, the automaker has not responded to media inquiries, TechCrunch says, but has apologized and said it will contact all affected customers with separate apologies. We don’t know if it will offer an annual identity theft and credit monitoring service, which is standard practice in such scenarios.