Almost the entire Toyota Motor Corporation customer base in Japan – some 2.15 million people – has had their vehicle data publicly available for a decade, the automaker has admitted.
A notice on the matter was issued by Toyota’s Japanese newsroom. It stated:
“It was discovered that part of the data that Toyota Motor Corporation entrusted to Toyota Connected Corporation [known as TC] to manage had been made public due to misconfiguration of the cloud environment.”
The leak is from Toyota’s main cloud-based service platforms and began in November 2013 and lasted until mid-April this year. Customers using the T-Connect and G-Link services – for Lexus vehicles – were affected.
Data and information that “may have been viewed” by outside parties included a vehicle’s location, chassis number, and the time of day.
A second statement from Toyota said video footage taken outside of a vehicle with its drive recorder was also part of the data leak, which was exposed from November 2016 to April 2023.
The error has since been corrected, and Toyota says it is “continuing to conduct investigations including all cloud environments managed by TC”.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalDataThe data exposed was not personally identifiable information, meaning would not have been possible to track a vehicle’s owner unless someone had a vehicle identification number.
What caused the leak?
The cause of the data leak was down to human error, Toyota said.
“We believe that the main reason for this incident was insufficient explanation and thoroughness of data handling rules.” Media reports say that a cloud system setting was set to ‘public’ instead of ‘private’.
A spokesperson told Reuters: “There was a lack of active detection mechanisms, and activities to detect the presence or absence of things that became public.”
The automaker has said it will “collaborate closely” with TC, introduce a system to audit cloud settings and educate employees on data handling to prevent a recurrence.
Toyota apologised for the “great inconvenience” and concern the leak caused to customers and related parties.