Actually, wait...
Three weeks since it said there was no local impact, Toyota Australia has now confirmed a 'limited number' of its customers are affected by a massive data exposure case initially reported in Japan.
Despite previously stating that Australia’s Toyota Connected Services aren’t linked to the Japan servers and were therefore not impacted by the vulnerability, the local arm has revised its position, following further investigation.
The full statement, followed by our original story, can be found below.
Importantly, Toyota says that while some of its Australian customers are affected by the matter, it has "found no evidence that the data has been accessed".
We may never know the full number of affected owners in Australia, however, with Toyota describing it as only "a comparatively small number".
Unlike a conventional recall, Toyota says it is working to contact affected owners directly rather than issuing a notice with the VINs of vehicles involved in the matter.
Full Toyota Australia statement
“On 12 May, Toyota Motor Corporation confirmed that the vehicle data of some users in Japan had been publicly accessible due to an error in the configuration of a cloud-based database,” a Toyota Australia spokesperson told Wheels.
“At the time of that notification, it was our understanding that no Australian data was included but, upon continued investigation, we now know that a comparatively small number of Australian records have been impacted.
“Our investigations have found no evidence that the data has been accessed, and we have concluded that the probability is extremely low that any third party could have accessed it.
“While the data may include vehicle information, as well as some personal information such as names and some contact information, no personal financial details are included.
“Toyota Australia recognises the concern that this may cause to our customers, and we are working to contact directly those impacted to advise them of the situation, and to detail the measures that we have taken to ensure the security of our systems and their data.
“We continue to liaise with Toyota head office in Japan, and we will provide updates should additional information become available.”
Lexus not affected
Toyota's luxury marque Lexus has confirmed with Wheels that while the data leak did affect Lexus owners in Japan, its Australian customers are not affected. However, the brand's local spokesperson did not offer any further insight on how its Australian customers were immune to a leak that affected the wider Toyota business.
The Lexus version of Toyota's connected services launched locally in early 2022.
May 18, 2023: Toyota confirms Japan data leak, Australian owners unaffected
As noted in our story update above, the details in this May 18 story are retained here for the historical record only.
Toyota Motor Corporation has confirmed the vehicle data of 2.15 million owners in Japan had been made public since 2013 due to a ‘human error’.
Importantly, the company's local arm has confirmed to Wheels Media that no Australian owners have been affected by this security breach.
Snapshot
- Data exposed for more than 2 million Toyotas in Japan
- ‘Human error’ left connected services system public for the past decade
- Australian owners unaffected
The data leak only affects Toyota and Lexus customers in Japan who signed-up for the T-Connect and G-Link connected services respectively.
A Toyota Motor Corp spokesperson told Reuters [↗] that the cloud system was erroneously set to public instead of private between November 2013 to mid-April 2023 – due to a “lack of active detection mechanisms… to detect the presence or absence of things that became public.”
This left details open, such as vehicle locations and identification numbers, but the company claims there have been no reports of malicious use.
The world’s biggest automaker – and the best-selling car brand in Australia – said it has opened an investigation under Toyota Connected Corporation and would introduce a system to audit cloud settings, continuously monitor settings, and educate employees on data handling.
Australians not impacted by data leak
Toyota Connected Services launched in Australia last year with the debut of the Corolla Cross small SUV, and has subsequently rolled out to almost all models except the GR 86 coupe.
However, a Toyota Australia spokesperson told Wheels that the data leak doesn’t affect owners locally.
“Toyota Australia is informed that the cloud service platforms are Japan-based and not linked to any services we offer in Australia and therefore no Australian customer or vehicle data has been compromised,” the spokesperson said.
The company embeds a Telstra SIM card to enable built-in emergency services calling and a connected smartphone application to monitor the vehicle status, while higher-tier paid subscriptions unlock functions such as remote engine start, remote locking/unlocking, and a connected voice assistant.
A growing number of carmakers are offering similar connected services in Australia, including Hyundai Bluelink, Kia Connect and FordPass Connect, following in the footsteps of Tesla.
COMMENTS