Toyota Motor has announced that the data of 2.15 million customers’ cars was freely available for approximately 10 years, from November 2013 to mid-April 2023. The world’s largest automaker has suffered from its own strategy of relying on the connection of its vehicles to the network. While the use of a network connection is critical for autonomous driving and providing various services using artificial intelligence algorithms, it also led to the data leak.
A configuration error in Toyota’s cloud environment resulted in the disclosure of data on the location of vehicles and identification numbers of the components used in them. Toyota has clarified that there have been no incidents with the use of this data by intruders. The automaker has apologized to car owners who connected to the T-Connect service from the beginning of 2012 to April 17, 2023, and users of a similar service, G-Link, which provides emergency support for owners of Lexus-branded cars.
The incident occurred due to a human error that provided general access to the cloud system instead of limiting it to users with the necessary rights. Toyota has launched tools for continuous verification and monitoring of cloud settings, trained employees responsible for services, and conducted audits of their activities to prevent similar incidents from happening in the future.
The Japanese Personal Information Protection Commission has been notified of the incident, but additional details are not yet provided. Toyota has identified and investigated the incident and taken measures to block unauthorized access to all cloud services operated by Toyota Connected Corp.
This incident highlights the importance of data privacy and security, particularly in the automotive industry, where connected cars are becoming more prevalent. Companies need to ensure that their cloud environments and networks are secure and that they have proper procedures and training to prevent human error from leading to data breaches. Toyota’s prompt response and measures to prevent similar incidents in the future are commendable, but the incident underscores the need for continuous vigilance and improvement.