Introduction
Smart cars kicked off the years in the headlines, but not for a good reason: A vulnerability was discovered in 16 major vehicle manufacturers, leaving millions of drivers potentially exposed. Since then, cyberattacks against major companies haven’t slowed down…and smart cars are still on the hook.
A new data breach at Toyota now reveals 260K customers have been having their personally identifiable information leaked over the course of the past seven years.
Yes, you read that right. Whether you own a Toyota, or another smart car that relies on cloud services to store and communicate data, then you need to know what’s been happening with Toyota Connect.
How Did We Get Here?
Like many services available in the modern age, Toyota relies on the cloud for secure backup and storage of their vast library of digital information. Remote backups like the cloud have multiple advantages; for starters, it allows you to store and access data from anywhere with a WiFi connection. That comes in handy if you work from multiple locations or need to check in during vacation, for example. This provides users with a secure and convenient way to store their data, without having to worry about physical storage, which could get damaged.
Furthermore, cloud storage is widely considered to be more secure; after all, it is typically encrypted and password-protected to prevent unauthorized eyes from viewing what’s inside.
As such, it is becoming a popular choice for businesses looking for a secure and reliable way to store their data.
How Their Cloud Was Breached
Like many massive brands (think Samsung Cloud or the iCloud), Toyota established “Toyota Connect” as a way for drivers to call emergency or roadside assistance, locate their stolen vehicle and remotely monitor their car’s health. Sounds great, right?
Sure…until it all comes crashing down one fateful day in May.
It turns out that Toyota Connect had two misconfigurations in the cloud, and they had been leaking data on 260K car owners for the past seven years. Among the PII that was accessible to outsiders were names, numbers, emails and car VINs. Although Toyota says financial and geo-location data were not exposed, the information that was compromised had been vulnerable since as far back as October 2016.
In response to the vulnerability, Toyota Connected has strengthened its cloud services and how they monitor that system. Users should keep an ear out for more news following this exposure, but also be wary of phishing scams that you may encounter from threat actors trying to leverage the information they found about you.
Conclusion
Unfortunately, cybercriminals are constantly adapting to find new ways to breach even our best defenses. Because of that, there’s no such thing as a completely impenetrable cloud. However, this case with Toyota exemplifies the need for automated system monitoring and qualified experts to oversee the whole security posture. Vulnerabilities can be caught before seven years have gone by, leaking data all the way.
When you’re choosing a cloud service for yourself or your business, do your research to ensure you’re trusting all your confidential files into a secure, encrypted, and heavily monitored offsite database. Data privacy is a serious business, and organizations of all sizes have been experiencing an unprecedented number of attacks since so much of the world moved online. It’s important to remain vigilant, stay up to date on the latest threats to your systems and assets, and make good decisions about your online security every single day.