What Are the Similarities and Differences Between Honda and Toyota’s Data Breaches?
The Honda data breach reveals vulnerabilities within the company’s cybersecurity measures, while Toyota has also experienced a data breach, showcasing similarities between the two incidents. However, the specifics of each breach may differ, leading to variations in the scope of compromised information and potential consequences for both companies.
Toyota Discovers Two Misconfigured Cloud Services that Leaked Personal Information
Toyota Motor Corporation recently found two cloud services that were misconfigured, causing personal information of car owners to leak for over seven years. The carmaker conducted a thorough investigation on all cloud environments managed by Toyota Connected Corporation after discovering a misconfigured server that exposed the location data of over 2 million customers for ten years.
The new Toyota notice states, “We conducted an investigation for all cloud environments managed by TOYOTA Connected Corporation (TC). It was discovered that a part of the data containing customer information had been potentially accessible externally.”
Details of the First Exposed Cloud Service
The first cloud service leaked the personal information of Toyota customers in Asia and Oceania between October 2016 and May 2023. The database that should have only been accessible to dealers and service providers was publicly exposed, which led to the leak of critical customer information such as address, name, phone number, email address, customer ID, vehicle registration number, and vehicle identification number (VIN). However, Toyota has not disclosed how many customers were affected by this leak.
Details of the Second Exposed Cloud Service
The second cloud instance was exposed between February 9th, 2015, and May 12th, 2023, and contained less sensitive data related to cars’ navigation systems. This data includes the in-vehicle device ID (navigation terminal), map data updates, and data creation dates (no vehicle location data) of approximately 260,000 customers in Japan.
This leak impacted customers who subscribed to the G-BOOK navigation system with a G-BOOK mX or G-BOOK mX Pro, and some who subscribed to G-Link / G-Link Lite and renewed their maps using Toyota’s On Demand service between February 9th, 2015, and March 31st, 2022.
The impacted vehicles are models of Toyota’s sub-brand, Lexus, and include LS, GS, HS, IS, ISF, ISC, LFA, SC, CT, and RX cars sold between 2009 and 2015.
Toyota claims that data entries were automatically deleted from the cloud environment after a while, so there was a limited amount of data exposed at any given moment. The carmaker also states that even if the data was accessed externally, it would not be enough to infer identification details about the customer or access the vehicle’s systems in any way.
Preventive Measures Taken by Toyota
Toyota has implemented a monitoring system that regularly checks cloud configurations and database settings on all its environments to prevent these types of leaks in the future.