Yet Another Toyota Cloud Data Breach Jeopardizes Thousands of Customers

The newly found misconfigured cloud services are discovered just two weeks after an initial data breach affecting millions came to light.

Dark Reading Staff, Dark Reading

May 31, 2023

1 Min Read
image of a Toyota dealership
Source: Allen Creative/Steve Allen via Alamy Stock Photo

Toyota Motor Corp. today announced its discovery of yet another data breach — this time, two misconfigured cloud services were found leaking 260,000 car owners' personal information over a seven-year period.

This discovery comes after the car manufacturer conducted an investigation of its cloud features in the wake of announcing earlier in the month that the data of 2.15 million customers was available for over 10 years to anyone on the Internet, also due to a misconfigured cloud bucket.

The cloud service, known as Toyota Connected, allows Toyota car owners to connect to Internet services in their vehicles such as entertainment features, emergency assistance in an accident, and location services.

"Having this data exposed, and for so long, it should be assumed that all this data was compromised over and over ... Since I haven't been notified about my data being leaked, as a Toyota customer I can assume it's because they are taking a slow legal approach as well," said Jason Kent, hacker in residence at Cequence Security, in an emailed statement regarding the subsequent breach.

Customers' information such as names, phone numbers, email addresses, and vehicle registration numbers may have been externally accessible from October 2016 up until this month. The car manufacturer stresses that no financial or vehicle location-related data was included in the breach.

"As we believe that this incident also was caused by insufficient dissemination and enforcement of data handling rules, since our last announcement, we have implemented a system to monitor cloud configurations," stated the company in its apology and notice.

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights