Toyota has disclosed that for more than 10 years, a misconfigured cloud bucket left more than 2.15 million customer records exposed to the open internet. According to the disclosure, the sensitive data from Toyota’s cloud-based Connected services was open to unauthorized access from November 2013 to this April.
However, the breach was only said to impact customers in Japan. Any unauthorized access to the data would not identify individual customers. A Toyota spokesperson also added that there has not been any observed use or abuse of the data from a third party. The data breach disclosure statement said the main cause for this incident was “insufficient explanations and thoroughness of rules for data handling” and that they are working to build a system that will prevent it from happening again.