Toyota data breach: Australia safe for now as car industry gets wake-up call

Toyota Australia has confirmed just about 300,000 purchaser e-mail addresses associated in a cybersecurity flaw learned overseas does not have an impact on regional consumers.

Toyota’s headquarters in Japan issued an apology on Friday, revealing an investigation by safety industry experts identified 296,019 electronic mail addresses and client management quantities subscribed to the T-Connect mobile app have been at chance – while it couldn’t confirm nor deny no matter whether the information and facts experienced located its way into the fingers of scammers.

In a statement issued to Push, a Toyota spokesperson said the “T-Link programs are Japan-centered and are not joined to any solutions we present in Australia”.

In 2019, Toyota Australia was the subject matter of an attempted cyber assault – and in March 2022 a cyber attack forced the vehicle big to quickly halt production at all 14 of its Japanese factories – though no client info is believed to have been exposed in both occasion.

Nevertheless, in light of the new Optus hacking scandal – in which driving licence numbers and passport aspects had been compromised – problems have been lifted concerning what personal details is held by automotive companies, automobile dealerships, and connected corporations in Australia.

The director of a huge Australian novated lease service provider – speaking on issue of anonymity – told Generate his company had a short while ago built the determination to clear away all sensitive customer information and facts from its IT systems to minimise exposure to a probable hack.

“If Optus can get hacked, we don’t stand a opportunity,” the govt said, revealing management experienced sat down with a cybersecurity pro in the times next the telecommunication company’s data breach.

Pursuing the Optus info breach, the Australian Automotive Dealer Affiliation (AADA) despatched a bulletin to its customers reiterating the importance of cyber protection, providing tips on how to assistance defend their methods from unauthorised entry.

Even so, it is unclear which – if any – car dealerships have insurance policies to delete sensitive licence details right after new cars have been purchased, or right after a assistance mortgage car has been returned.

Sam ‘Frenchie’ Stewart – CEO of Frenchie InfoSec, and former Infrastructure Security Engineer at a Silicon Valley self-driving car company – reported stripping avoidable data from IT techniques was the very best way to keep away from exposing delicate info.

“While I always really encourage consumers to be conscious about what details they share online, the duty listed here lies with the companies entrusted with the protection of that facts,” Mr Stewart informed Push.

“[Canadian-British journalist and author] Corey Doctorow mentioned it most effective in 2008: Organizations need to handle data like radioactive waste – only accumulate the complete minimal personal data necessary, and spend in appropriate safeguards to guard the privateness of their shoppers,” the cyber stability qualified informed Push.

“You can’t leak data that you don’t collect, so I would like to see a lot more corporations adopting the craze of info minimisation as a suggests of currently being proactive about using consumer privacy very seriously,” Mr Stewart additional.