Toyota has issued a public apology after uncovering a decade-long data breach, resulting from a misconfiguration of their cloud environment, which exposed the personal and vehicle information of nearly 2.15 million customers in Japan. The data leak, ranging from November 6, 2013, to April 17, 2023, occurred as the auto industry continues to embrace connected car technology.
The compromised data comprises registered email addresses, unique chassis and navigation terminal numbers, vehicle locations and timestamps, and even video recordings from the vehicles’ ‘drive recorders’. Toyota, the Japanese auto giant, has blamed the incident primarily on an inadequate explanation and attention to data handling rules.
Toyota is currently notifying affected customers through their registered email addresses, providing information about potential exposure of their in-vehicle terminal ID, chassis number, vehicle location data, and time logs. To address customer queries and concerns, a dedicated call centre is being set up.
Despite this breach, the company assured that the compromised information wouldn’t allow identification of customers, based on this data alone. “We have not confirmed any secondary use of customer information on the Internet by a third party, or whether or not there are any copies remaining, regarding customer information that may have been viewed from the outside,” the company statement read.
Post-discovery, measures to block external access have been implemented, and a thorough investigation of all cloud environments is underway. The data breach incident has inevitably put Toyota under scrutiny, pushing it to prioritize data security and customer trust.
Toyota’s upcoming models, including the much-anticipated Urban Cruiser Icon SUV and FRONX-Based SUV-Coupe, are expected to rival popular models like Hyundai Creta, underscoring the need for a robust data privacy infrastructure in this era of connected vehicles.