Toyota Motor Corporation has disclosed that a data breach on its cloud environment left the car-location information of 2,150,000 customers exposed for ten years, between November 2013 and April 2023.
Toyota mentioned that a database misconfiguration by Toyota Connected Corporation, entrusted to manage it, allowed anyone to access its contents without a password.
This data breach exposed the information of customers who used the company's T-Connect G-Link, G-Link Lite, or G-BOOK services during that period. T-Connect is the service provided to manage the in-car smart service for voice assistance, customer service support, car status and management, and on-road emergency help. The information exposed includes details of the in-vehicle GPS navigation terminal ID number, the car's chassis number, and location information of the car with time data.
Toyota has said that so far, there is no evidence of the data being misused.
A statement by Toyota Connected Corporation mentions that there is a possibility that video recordings taken outside the vehicle may have been exposed in this incident.
It may be mentioned that Toyota admitted in 2022 that about 300,000 customer email addresses were exposed for nearly five years after a subcontractor mistakenly uploaded part of the company's source code to the internet. This included a private key that stored customer email addresses.