Toyota Customer Data Reportedly Exposed For A Decade

Toyota customer data was reportedly exposed for a decade. Millions of Toyota drivers had their data exposed, and here is everything you need to know. The data was just sitting exposed for up to a decade.

Toyota Customer Data Exposed

Toyota Customer Data Exposed

Japanese automaking giant Toyota stored sensitive data on millions of vehicles was reportedly exposed on the internet for a decade, recent findings have revealed. The data in question was available for just about anyone who knew where to look, the company has now confirmed.

In a security notice that was published on the newsroom website of the company, the information about the location of 2.15 million Toyota owners was sitting in a cloud database that was unprotected between November 6, 2013, and April 17, 2023.

Notice Shred by Toyota in Regards To the Incidence

“It was discovered that part of the data that Toyota Motor Corporation entrusted to Toyota Connected Corporation to manage had been made public due to misconfiguration of the cloud environment,” a translation of the notice shared reads.

“After the discovery of this matter, we have implemented measures to block access from the outside, but we are continuing to conduct investigations, including all cloud environments managed by TC. We apologize for causing great inconvenience and concern to our customers and related parties.”

How the Data Was Exposed

It now seems that Toyota kept an unprotected database of its customers using its T-Connect G-Link, G-Link Lite, and G-BOOK, which is its car infotainment system used for things such as voice assistance, customer service, car status and management, and similar other features. The reported data that was exposed in the breach included in-vehicle GPS navigation and terminal ID number, chassis number, as well as vehicle location, and even time data.

The Exposed Data Is Pseudonymous

The silver lining with all of this is that the data is pseudonymous, so unless that the attackers knew the vehicle identification number (VIN) of the cars of their target, it was very much impossible to connect the data with the users. It is that simple. But still, people with physical access to Toyota cars could easily obtain this number relatively easily. 

Other Pieces of Data Believed To Be Exposed

Toyota also stated that there is a possibility that video recordings that were taken outside the vehicles were also exposed in the reported incident. These recordings in question were being made for almost seven years between November 2016 and April 2023.



Please enter your comment!
Please enter your name here