erek
[H]F Junkie
- Joined
- Dec 19, 2005
- Messages
- 10,921
Another day, another data breach
"Japanese automaker Toyota is again apologizing for spilling customer records online due to a misconfigured cloud environment – the same explanation it gave when the same thing happened a couple of weeks ago. It's like a pattern.
This latest incident – like the last one, in which two million customer records were exposed – "was caused by insufficient dissemination and enforcement of data handling rules," Toyota explained in a statement Wednesday. Toyota said it had no evidence the data had been misused, and that it discovered the misconfigured cloud system while performing a wider investigation of Toyota Connected Corporation's (TC) cloud systems.
TC was also the site of two previous Toyota cloud security failures: one identified in September 2022, and another in mid-May of 2023.
As was the case with the previous two cloud exposures, this latest misconfiguration was only discovered years after the fact. Toyota admitted in this instance that records for around 260,000 domestic Japanese service incidents had been exposed to the web since 2015. The data lately exposed was innocuous if you believe Toyota – just vehicle device IDs and some map data update files were included.
Some customer data from other Asian and Oceanic countries was exposed too, but Toyota didn't provide a total number for that part of the breach. It did say that exposed data from non-Japanese customers included addresses, names, phone numbers and other more sensitive information – oh, what a feeling.
Toyota said it implemented a system to monitor its cloud environments after finding the breach last month, and that it would continue to monitor said system to discover any more breaches that may be waiting to be found.
"We will also work to prevent a recurrence by thoroughly educating our employees once again. We sincerely apologize to our customers and all relevant parties for any concern and inconvenience this may have caused," Toyota said.
Affected customers are being notified, and Toyota has also set up a call center to field questions about yet another failure to be a good data steward."
Source: https://www.theregister.com/2023/06/05/security_in_brief/
"Japanese automaker Toyota is again apologizing for spilling customer records online due to a misconfigured cloud environment – the same explanation it gave when the same thing happened a couple of weeks ago. It's like a pattern.
This latest incident – like the last one, in which two million customer records were exposed – "was caused by insufficient dissemination and enforcement of data handling rules," Toyota explained in a statement Wednesday. Toyota said it had no evidence the data had been misused, and that it discovered the misconfigured cloud system while performing a wider investigation of Toyota Connected Corporation's (TC) cloud systems.
TC was also the site of two previous Toyota cloud security failures: one identified in September 2022, and another in mid-May of 2023.
As was the case with the previous two cloud exposures, this latest misconfiguration was only discovered years after the fact. Toyota admitted in this instance that records for around 260,000 domestic Japanese service incidents had been exposed to the web since 2015. The data lately exposed was innocuous if you believe Toyota – just vehicle device IDs and some map data update files were included.
Some customer data from other Asian and Oceanic countries was exposed too, but Toyota didn't provide a total number for that part of the breach. It did say that exposed data from non-Japanese customers included addresses, names, phone numbers and other more sensitive information – oh, what a feeling.
Toyota said it implemented a system to monitor its cloud environments after finding the breach last month, and that it would continue to monitor said system to discover any more breaches that may be waiting to be found.
"We will also work to prevent a recurrence by thoroughly educating our employees once again. We sincerely apologize to our customers and all relevant parties for any concern and inconvenience this may have caused," Toyota said.
Affected customers are being notified, and Toyota has also set up a call center to field questions about yet another failure to be a good data steward."
Source: https://www.theregister.com/2023/06/05/security_in_brief/