Toyota's bungling of customer privacy is becoming a pattern

2023-05-15 02:26

In brief Japanese automaker Toyota has admitted yet again to mishandling customer data - this time saying it exposed information on more than two million Japanese customers for the past decade, thanks to a misconfigured cloud environment.

The exposed data belongs to almost the entire Japanese customer base that had signed up for Toyota's T-Connect driver assist product, and users of the G-Link service - a similar product for Toyota's luxury subsidiary Lexus.

According to the automaker, in-vehicle terminal IDs, chassis numbers, vehicle location information and timestamps were included in the exposed data, but Toyota said nothing in the dataset could be used to identify customers based on the data alone.

Toyota also said it hasn't found any indication the data was accessed or copied by a third party since November 2013, when the cloud service was first exposed.

Dubbed White Phoenix, it's a simple Python script designed to extract data from ransomed files that are only intermittently encrypted, which CyberArk said is a burgeoning trend in the ransomware world - favored for its speed and tendency to make a ransom attack less noticeable, while still doing damage.

Clearview AI, the facial recognition platform that's run afoul of data collection laws on multiple occasions, has been hit with a €5.2 million fine by France's data protection agency, the CNIL, for not paying a much larger €20m fine levied against it last year.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/05/15/toyota_bungles_privacy_of_japanese/

#privacy #toyota