Toyota Motor Corporation recently discovered that two of its cloud services had exposed personal information about 2 million vehicle owners for a period of 7 years. An investigation revealed that some customer data, including addresses, names, phone numbers, email addresses, client IDs, vehicle registration numbers, and vehicle identification numbers (VINs) were potentially accessible from the outside. The first cloud service affected customers in Asia and Oceania between October 2016 and May 2023, while the second cloud service affected approximately 260,000 customers in Japan who subscribed to the G-BOOK navigation system, G-Link/G-Link Lite, and Toyota on Demand between February 9, 2015 and March 31, 2022. Vehicles affected include Lexus LS, GS, HS, IS, ISF, ISC, LFA, SC, CT, and RX sold between 2009 and 2015. Toyota has implemented a system to regularly monitor cloud and database configurations to prevent similar leaks in the future.
