Toyota says the vehicle data and personal information of some Australian customers may have been publicly accessible due to a human error that saw a cloud storage system set to public instead of private.
The customer information that might have been accessible externally included names, addresses, phone numbers, email addresses, and vehicle identification and registration numbers, the company said.
The information may have been accessible between October 2016 and May 2023.
It follows confirmation earlier this month that the vehicle data of more than 2 million Toyota users in Japan had been available for nearly a decade — from late 2013 to April this year — because of human error.
Initially Toyota said customers in Australia were not affected. However, it has since backtracked on that and said no personal financial details were made public.
"At the time of that [May 12] notification, it was our understanding that no Australian data was included but, upon continued investigation, we now know that a comparatively small number of Australian records have been impacted," a Toyota Australia spokesperson said.
"Our investigations have found no evidence that the data has been accessed, and we have concluded that the probability is extremely low that any third party could have accessed it."
"While the data may include vehicle information, as well as some personal information such as names and some contact information, no personal financial details are included."
Toyota Australia said it "recognises the concern" the incident might cause customers and was working to get in touch with those affected directly to advise them of the situation.
It is understood customers in other countries in Asia and Oceania are affected, but Toyota did not say how many or in which countries.
The company said it was investigating the issue based on the laws and regulations of each country.
ABC/Reuters