Toyota admits to yet another cloud leak

erek

Another day, another data breach

"Japanese automaker Toyota is again apologizing for spilling customer records online due to a misconfigured cloud environment – the same explanation it gave when the same thing happened a couple of weeks ago. It's like a pattern.

This latest incident – like the last one, in which two million customer records were exposed – "was caused by insufficient dissemination and enforcement of data handling rules," Toyota explained in a statement Wednesday. Toyota said it had no evidence the data had been misused, and that it discovered the misconfigured cloud system while performing a wider investigation of Toyota Connected Corporation's (TC) cloud systems.

TC was also the site of two previous Toyota cloud security failures: one identified in September 2022, and another in mid-May of 2023.

As was the case with the previous two cloud exposures, this latest misconfiguration was only discovered years after the fact. Toyota admitted in this instance that records for around 260,000 domestic Japanese service incidents had been exposed to the web since 2015. The data lately exposed was innocuous if you believe Toyota – just vehicle device IDs and some map data update files were included.



Some customer data from other Asian and Oceanic countries was exposed too, but Toyota didn't provide a total number for that part of the breach. It did say that exposed data from non-Japanese customers included addresses, names, phone numbers and other more sensitive information – oh, what a feeling.

Toyota said it implemented a system to monitor its cloud environments after finding the breach last month, and that it would continue to monitor said system to discover any more breaches that may be waiting to be found.

"We will also work to prevent a recurrence by thoroughly educating our employees once again. We sincerely apologize to our customers and all relevant parties for any concern and inconvenience this may have caused," Toyota said.

Affected customers are being notified, and Toyota has also set up a call center to field questions about yet another failure to be a good data steward."

Source: https://www.theregister.com/2023/06/05/security_in_brief/
 
Toyota said it had no evidence the data had been misused,

Translation - Your data is already being sold on the darkweb and expect phishing attempts and loads of other spam and identity theft to occur in the very near future..

"We will also work to prevent a recurrence by thoroughly educating our employees once again.

How about you hire an actual Cyber Security department that does proper internal audits of your systems as well as have proper external audits done every half or yearly minimum.
 
Translation - Your data is already being sold on the darkweb and expect phishing attempts and loads of other spam and identity theft to occur in the very near future..



How about you hire an actual Cyber Security department that does proper internal audits of your systems as well as have proper external audits done every half or yearly minimum.
your stuff ever get leaked?
 
So you can't access the black box in your car, THAT YOU OWN, without special decryption software that only Toyota has and only if they decide you can have it... but information about any levels of customers... nah anyone can get that.
 
You know what, International Harvester never lost my data. May have helped that they were effectively dead before I bought the car, but hey. I could still get parts for most stuff anywhere they had stuff for tractors :p
 
So you can't access the black box in your car, THAT YOU OWN, without special decryption software that only Toyota has and only if they decide you can have it... but information about any levels of customers... nah anyone can get that.
wonder how long until those special cryptographic encryption / Root signing keys get "leaked" once someone gets upset enough about your particular point?
 
Translation - Your data is already being sold on the darkweb and expect phishing attempts and loads of other spam and identity theft to occur in the very near future..

How about you hire an actual Cyber Security department that does proper internal audits of your systems as well as have proper external audits done every half or yearly minimum.
Next headline:

millions of toyo's vehicles have been taken over (or stolen) by dark web hackers, with tons of pron downloaded into their entertainment systems, plus spywarez and backdoors activated to track every single movement of every vehicle and give drivers false info thru the nav systems, leading them to the wrong places etc etc....

The gov't should fine Toyo $1M per vehicle, with 1/2 of the money given to the affected people, so they can buy another brand of car and offset their expenses of the consequences of identity theft..
 
Next headline:

millions of toyo's vehicles have been taken over (or stolen) by dark web hackers, with tons of pron downloaded into their entertainment systems, plus spywarez and backdoors activated to track every single movement of every vehicle and give drivers false info thru the nav systems, leading them to the wrong places etc etc....

The gov't should fine Toyo $1M per vehicle, with 1/2 of the money given to the affected people, so they can buy another brand of car and offset their expenses of the consequences of identity theft..
Likely, this always starts small right, and as Toyota plays it down, more truth comes out every day of the real damage done.
 