Two weeks ago, Toyota said it exposed the data of more than two million customers on the internet for a decade. Today, the car giant said it recently uncovered the data of another 260,000 car owners from its systems.
Toyota said in a statement that it had identified another batch of exposed data that was “potentially accessible externally due to misconfiguration” of its connected cloud service, which enables Toyota customers to obtain internet services in their vehicles, such as information about their vehicle, in-car animation and assistance in the event of an accident or car breakdown.
The automaker said it learned of the misconfiguration after conducting a wider investigation into its cloud environments after admitting earlier this month that customer data was accessible by anyone from the wider internet.
Toyota said the newly discovered exposed data includes in-vehicle device identifiers and map data displayed on customers’ in-car navigation system in Japan, but the information alone does not contain location information and cannot not reveal or identify customers. Toyota customers may be affected if they purchased a vehicle as early as December 2007 and their data was exposed between February 2015 and May 2023.
The automaker said it will notify customers whose information has been exposed with a separate apology.
Toyota also confirmed that an unknown number of customers outside of Japan, particularly in Asia and Oceania, had personal information exposed between October 2016 and May 2023. Although the data varies by customer, Toyota said the Exposed data may include customer names, postal and email addresses. addresses, a customer identification number issued by Toyota and vehicle registration and identification numbers. The company said it will notify customers in accordance with local laws.
The company said it had no evidence that the data was accessed or copied, although Toyota did not specify what logging, if any, it must determine if data was exfiltrated from its systems.
TechCrunch has contacted Toyota for more details, but has yet to receive a response.