Unauthorized disclosure of MyToyota app customer data
Data breaches seem to be the new concern as of late, with numerous incidents occurring in the last month or so. And while many of these incidents have involved government websites (e.g. PNP’s online firearms system), it seems major corporations are reporting the same.
Earlier today the Presidential Communications Office (PCO) released an update regarding alleged breaches involving major companies such as S&R, Robinsons Land, and Toyota.
Yes, Toyota Motor Philippines has figured in a data breach incident, and apparently, they reported it a month ago to the National Privacy Commission (NPC). But the alleged breach isn’t a breach per se; Toyota says it was unintentional.
In a statement, Toyota said that there was “a security incident” and that it resulted in the “unauthorized disclosure” of information about their customers who use the MyToyota app. They also stated that not all user data was released, but rather a limited amount. Furthermore, they say that customers affected by the “security incident” were already notified.
What is unusual about the incident is that Toyota says it was “unintentional human error” and not a deliberate attempt, though the data that was disclosed is being referred to as “sensitive personal information”. Toyota also makes it clear that no data on financial transactions (e.g. credit cards) was disclosed.
Below is the statement from Toyota Motor Philippines president Masando Hashimoto in full.
On May 14, 2024, Toyota Motor Philippines (“TMP”) reported to the National Privacy Commission (NPC) a data security incident involving the unauthorized disclosure of the customer data of some registered users of the MyToyota mobile app. We assure the public that not all registered MyToyota app users are affected by the disclosure. Notifications were immediately sent to our concerned customers.
Per TMP’s investigation, the security incident involves an unintentional human error and concerns the confidentiality of the data of the affected customers. The integrity and availability of the data remain intact. The customer data subject of the disclosure includes certain sensitive personal information. Notably, any data regarding financial transactions is not part of the disclosure.
We continue to investigate security issues and cooperate with the appropriate government authorities. Rest assured that we will continue to update the affected customers on the progress of this probe.
Meanwhile, we remind all registered MyToyota users to be vigilant and cautious of potential privacy harms due to said incident.
We are very sorry for the inconvenience this may cause our valued customers.
Our customers’ trust is vital to us, so we continuously put additional safeguards in place to keep our customer data secure for our customers’ protection and make every effort to avoid similar incidents in the future. For customer concerns related to the security incident, please get in touch with Toyota Customer Assistance Center number (02) 819-2912 or email address customerassistance@toyota.com.ph and TMP’s Data Protection Officer through DPA.compliance@toyota.com.ph
Thank you very much for your understanding.
Masando Hashimoto
President
Toyota Motor Philippines

