Toyota Motor said data on its 2.15 million customers’ cars will be freely available for about ten years – from November 2013 to mid-April 2023. The world’s top-selling automaker has suffered from its own strategy of connecting its vehicles to the network.
Leveraging a network connection is now considered crucial for autonomous driving and the delivery of various services, including the use of artificial intelligence algorithms. However, it was the presence of such a connection that led to the leak. It is reported that a configuration error in the automaker’s cloud environment could lead to the disclosure of data about the location of vehicles and the identification numbers of the components used in them. At the same time, it is claimed that there have been no incidents of intruders using this data.
According to Toyota, the victims also include car owners who connected to the T-Connect service from early 2012 to April 17, 2023. The company has already apologized to them. In addition, users of a similar service, G-Link, aimed at owners of Lexus cars and providing emergency assistance, are affected.
The incident was explained as a human error that actually allowed general access to the cloud system – the data should have only been accessible to users with the required rights. Toyota added that the company will roll out tools to continuously review and monitor cloud settings, train staff responsible for services, and conduct audits of their activities.
It is known that the Japan Personal Data Protection Commission has already received a notification of the incident, but further details have not yet been released. According to Toyota itself, after identifying and investigating the incident, measures were taken to prevent unauthorized access to all of Toyota Connected Corp. to block operated cloud services.