Toyota has announced a decade-long data breach of its main cloud service platform, affecting over two million users in Japan.
The breach, which spanned from January 2012 to April 2023, left vehicle data publicly available due to human error, the Japanese automaker said on 12th May, 2023.
Toyota’s cloud-based connected service is used by customers to stream entertainment, receive maintenance check reminders, and contact emergency services after a crash.
The breached data, which was set to public instead of private by a Toyota employee, includes vehicle locations and individual vehicle identification numbers, a company spokesperson said.
In response to why it took over ten years to realise the error, a company spokesperson said: “There was a lack of active detection mechanisms, and activities to detect the presence or absence of things that became public.”
While Toyota has insisted there have been no reports of malicious use, the public availability of video footage captured by the in-car camera still poses a substantial risk to drivers.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below formBy GlobalData
Around 88% of all data breaches are caused by an employee mistake, according to a recent study carried out by Stanford University.
“Toyota is the latest victim of human error and the huge risks it poses for organisations,” Camellia Chan, founder of data security solution company X-PHY, told Verdict.
“Often, businesses make life easy for cybercriminals by not properly configuring networks and in this case, what should have been private cloud data became very public.”
“It’s no longer enough to just try and keep nefarious actors out, but you must be able to detect when they’re in or when something isn’t right,” Chan said.
Adding: “Businesses must provide data with the greatest protection at every level and that increasingly means removing the human factor through AI and ML.”
GlobalData is the parent company of Verdict and its sister publications.