in brief Japanese automaker Toyota has admitted yet again to mishandling customer data – this time saying it exposed information on more than two million Japanese customers for the past decade, thanks to a misconfigured cloud environment.
Toyota explained in a Japanese-language statement that it took measures to block external access to the insecure cloud system as soon as it noticed the issue – but the fact it took a decade to catch on isn't exactly reassuring.
"There was a lack of active detection mechanisms, and activities to detect the presence or absence of things that became public," a Toyota spokesperson told Reuters.
The exposed data belongs to almost the entire Japanese customer base that had signed up for Toyota's T-Connect driver assist product, and users of the G-Link service – a similar product for Toyota's luxury subsidiary Lexus.
According to the automaker, in-vehicle terminal IDs, chassis numbers, vehicle location information and timestamps were included in the exposed data, but Toyota said nothing in the dataset could be used to identify customers based on the data alone. Toyota also said it hasn't found any indication the data was accessed or copied by a third party since November 2013, when the cloud service was first exposed.
It would be easy to dismiss the incident as a rather serious accident, but Toyota's done this before: It admitted just last year to exposing data on nearly 300,000 T-Connect customers thanks to another security mishap.
In that instance, a subcontracted developer working on T-Connect uploaded source code to GitHub t ..
Support the originator by clicking the read the rest link below.
