Toyota apologises after 2.15 mn customers’ data exposed for a decade

As connected cars become more mainstream globally, Toyota has issued an apology after discovering that millions of partial customer data had been posted “due to misconfiguration of the cloud environment” for a decade.

The automaker said it would notify approximately 2.15 million customers in Japan whose personal and vehicle information was left exposed on the Web from November 6, 2013, to April 17, 2023.

Exposed data includes registered email addresses, the vehicle’s unique chassis and navigation station numbers, the location of the vehicles and the time they were there, and video clips from the vehicle’s “driving recorder”.

“After discovering this, we have implemented measures to prevent access from outside, but we continue to conduct investigations including in all cloud environments. We apologize for causing significant inconvenience and concern to our customers and related parties.

The company individually sends an apology and notification to the registered email address of customers whose in-vehicle terminal ID, chassis number, vehicle location information and time may have been leaked.

“In addition, we will set up a call center dedicated to answering customer questions and concerns,” the Japanese giant said.

The company said that the main reason for this incident was the insufficient interpretation and accuracy of the rules for data processing.

“This time, customer information that may have been viewed from outside will not identify the customer based on this data alone, even if accessed from outside,” it said in a statement.

Since discovering this, “we have not confirmed any secondary use of customer information on the Internet by a third party, or whether or not there are any copies left of customer information that may have been viewed from outside.”

– Jans

na/prw/dpb