May 31, 2023
Apology and Notice Concerning Newly Discovered Potential Data Leakage of Customer Information Due to Cloud Settings
On May 12, Toyota Motor Corporation (TMC) announced "Apology and Notice Concerning Potential Data Leakage of of Customer Information Due to Misconfiguration of Cloud Environment (Japanese only)" Subsequently, we conducted an investigation for all cloud environments managed by TOYOTA Connected Corporation (TC). It was further discovered that a part of the data containing customer information had been potentially accessible externally. We would like to inform you of the incident that has been identified as of today.
As we believe that this incident also was caused by insufficient dissemination and enforcement of data handling rules, since our last announcement, we have implemented a system to monitor cloud configurations. Currently, the system is in operation to check the settings of all cloud environments and to monitor the settings on an ongoing basis. In addition, we will work closely again with TC to explain and thoroughly enforce the rules for data handling. We will also work to prevent a recurrence by thoroughly educating our employees once again. We sincerely apologize to our customers and all relevant parties for any concern and inconvenience this may have caused.
We have also investigated whether, with this incident, there was any secondary use or if third-party copies remain on the Internet, and no evidence of such has been found. At present, we have not confirmed any secondary damage. (Vehicle location, credit card information, etc., are not included in this incident)
The incidents are as follows.
- Domestic service incidents in Japan
- In-vehicle device IDs―identification numbers for each in-vehicle device (navigation terminal)―, map data updates, and updated data creation dates used for distribution data creation of the in-vehicle navigation terminal map data distributing system were potentially accessible externally. (Services using this system have already been terminated)
- Even if accessed externally, these data alone cannot reveal and identify any individual customer. In addition, these data cannot be used to access or in any way affect the vehicle.
Customer information that may have been potentially accessible externally | In-Vehicle device ID, map data updates, updated data creation dates
Map information and its creation date, not vehicle location.
|
||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Impacted Customers |
Totalapprox. 260,000 customers
*1 Impacted Vehicles
|
||||||||||||||||||||||
Period that the cloud environments were potentially accessible externally | February 9, 2015 - May 12, 2023 In principle, the above customer information is automatically deleted from the cloud environment within a short period of time after the map data is distributed and is not continuously stored or accumulated during the above period. |
Customers whose information may have been leaked will receive a separate apology and notification to their registered e-mail addresses beginning today. In addition, a dedicated call center will be set up to answer any questions or concerns from customers.
- Overseas service incidents
- Some of the files that TC manages in the cloud environment for overseas dealers' maintenance and investigation of systems were potentially accessible externally due to a misconfiguration. After this matter was discovered, we took steps to block access from outside the company.
Customer information that may have been potentially accessible externally | Address, Name, Phone number, Email address, Customer ID, Vehicle registration number, Vehicle Identification Number
For impacted customers, not all but some of the above information is included depending on the inquiry file.
|
---|---|
Regions | Some countries in Asia and Oceania (Japan is not included) |
Period that the site was potentially accessible externally | October 2016 - May 2023 |
We will deal with the case in each country in accordance with the personal information protection laws and related regulations of each country.
Inquiries from applicable customers in Japan (Dedicated Call Center)
- Customer information consultation desk
- 0120-502-435
Please double-check the number before calling