has confirmed that 2.15 million of its Japanese customers had their car-location data exposed from Nov. 6, 2013, to April 17, 2023, as a result of a cloud environment misconfiguration, BleepingComputer
Such a misconfiguration has compromised information from Toyota Japan customers who used the automaker's T-Connect G-Link, G-BOOK, or G-Link Lite services from Jan. 2, 2012, to April 17, 2023, including in-vehicle GPS navigation terminal ID numbers, chassis numbers, and vehicle location details with time information. No evidence of data misuse has been found by Toyota but a separate statement noted the potential compromise of video recordings outside the vehicle which have been taken from Nov. 14, 2016, to April 4, 2023.
"After the discovery of this matter, we have implemented measures to block access from the outside, but we are continuing to conduct investigations, including all cloud environments managed by TC. We apologize for causing great inconvenience and concern to our customers and related parties," said Toyota.
Such an incident follows Toyota's data breach disclosure last October concerning the public exposure of a T-Connect customer database access key, which has resulted in unauthorized access to data from 296,019 customers for nearly five years.