Representatives of Toyota Motor Corporation reported that from January 2012 to April 2023, a misconfiguration of the cloud environment managed by Toyota Connected Corporation caused the disclosure of data on the location of cars of 2,150,000 customers of the company. Upon discovery of the issue, measures were taken to block access from outside and an investigation is ongoing. Toyota apologizes to customers and related parties for the inconvenience and concern caused.
T-Connect is a smart service built into Toyota vehicles that provides voice assistance, customer support, emergency roadside assistance, and reminders to check the technical condition of the car. It can also send a distress signal after an accident or help find a stolen car.
The data breach only affected customers in Japan who used the services of T-Connect, G-Link, G-Link Lite or G-BOOK in the specified time period. An incorrectly configured database made it possible to find the GPS car terminal ID, car body number, as well as information about the location of the vehicle with timestamps. Unauthorized users could have accessed the said data, as well as the real-time location of 2.15 million Toyota vehicles. Additionally, the second Toyota statement mentions the likelihood of leakage of video recordings “filmed outside the car” for the period from November 14, 2016 to April 4, 2023.
Toyota has promised to notify all affected customers and set up a dedicated call center to handle their issues. The company is taking all necessary steps to ensure the security of customer data and prevent similar incidents in the future.
