Toyota Japan recently revealed a serious security breach that lasted for a decade, compromising the data of over 2 million customers. The breach affected individuals who signed up for the T-Connect network service from 2012 to April 17. Exposed data includes registered email addresses, vehicle-unique chassis and navigation terminal numbers, location information, and drive recorder videos.
The issue arose due to inadequate security measures in the cloud-based service, allowing unrestricted access without the need for a password. However, the problem was identified in April, prompting Toyota to bolster server protection to prevent further unauthorized access.
The Toyota Connected service, which offers features like service reminders, vehicle location tracking, and assistance, did not expose personally identifiable information. Cybersecurity experts emphasize the importance of educating staff on cloud security and implementing best practices. They also recommend adhering to zero-trust principles, granting necessary privileges, and employing data-centric security measures such as tokenization to mitigate risks associated with human error.
Additionally, it was discovered that source code from the company had been inadvertently posted on a public repository on GitHub, leading to a potential source-control and credential management issue. Experts highlight the need for privileged access management solutions and regular auditing of cloud systems to enhance security. They stress the importance of reviewing default settings in software-as-a-service tools and limiting insecure choices made by developers and end-users.
The automotive industry and other internet-connected technologies require improved cybersecurity practices. Governments, such as the UK's NCSC, US's CISA agencies, and the Japanese government, should play a role in setting cybersecurity standards. Furthermore, there is a growing need to hire a larger workforce of cybersecurity professionals to address the escalating threats.
Comments
Post a Comment