"Toyota said it had no evidence the data had been misused"
If I shut my eyes before looking in an empty pot I will not see anything either.
Did they ask all the customers affected?
Japanese automaker Toyota is again apologizing for spilling customer records online due to a misconfigured cloud environment – the same explanation it gave when the same thing happened a couple of weeks ago. It's like a pattern. This latest incident – like the last one, in which two million customer records were exposed – "was …
Management decided that as a car manufacturer they were so good at this cloud malarky that they thought it would be a good idea to make every car upload its journeys into cloud buckets secured by Toyota... or not.
Looking forward to the next leak in about four months if past performance is anything to go by.
“Toyota is again apologizing for spilling customer records online due to a misconfigured cloud environment – the same explanation it gave when the same thing happened a couple of weeks ago. It's like a pattern.”
The reason this happens is, most probably, that an untrained and inexperienced intern was given the task. For you see, even in this day and age, IT is still considered a low-priority business expense. Personally, I would have written a script to test security after each upgrade/change.
Easy to express that you'd write a script to do it but I suspect you'd find it very challenging to accomplish what you set out to do with it i.e. use a script to defeat the awesome powers of human stupidity, laziness, and greed.
Who's to say someone didn't already try to do just that, only the cloud provider changed the API in a breaking way? What if the PM changed which cloud provider it was uploaded to? What if the change was non-malicious but happened via an unauthorized process?
And that kind of breaking change is just for one single check. Now when you factor in all the other 1,001 ways you're trying to use technology to backstop poor human skills/training, your script may technically be a script, but at 65,000 lines is looking more like a program that needs its own coders to maintain it and fix it to keep it effective. It would become, in effect, an internally developed "expert system" (what passes for being called AI these days).
Maybe your 'script' would have caught it, but I've been around the block too many times to accept such easy glib answers to a VERY complicated problem. The real solution is people. People whose job it is to review production systems regularly for this kind of thing, and people at the board level who see the value of that and are willing to authorize the payroll expenditure to make it happen.