Toyota customers in Asia, Oceania face risk of data leak due to setting error

Toyota Motor Corp said on Wednesday that information on customers in some countries in Asia, excluding Japan, and Oceania may have been left publicly accessible from October 2016 to May 2023 because of a setting error in the cloud environment.

Customer information that may have been accessible externally included names, addresses, phone numbers, email addresses, and vehicle identification and registration numbers, the company said.

The incident follows its announcement earlier this month that the vehicle data of 2.15 million users in Japan, or almost the entire customer base who signed up for its main cloud service platforms since 2012, had been publicly available for a decade due to human error.

Toyota said the latest issue was discovered after it launched a broad investigation following the earlier incident.

"As we believe that this incident also was caused by insufficient dissemination and enforcement of data handling rules... we have implemented a system to monitor cloud configurations," Toyota said.

It said the company had also investigated whether there was any third-party copies or use of its customer data and found no evidence of such use, adding vehicle location and credit card information were not included in the incident.