As connected cars become mainstream globally, Toyota has issued an apology after it discovered that millions of customers’ partial data was made public “due to misconfiguration of the Cloud environment” for a decade.
The automaker said it will notify nearly 2.15 million customers in Japan whose personal and vehicle information were left exposed on the web from November 6, 2013 to April 17, 2023.
The exposed data includes registered email addresses, vehicle-unique chassis and navigation terminal numbers, the location of vehicles and what time they were there, and videos from the vehicle’s “drive recorder”.
“After the discovery of this matter, we have implemented measures to block access from the outside, but we are continuing to conduct investigations including all cloud environments. We apologise for causing great inconvenience and concern to our customers and related parties.
The company is individually sending an apology and notification to the registered email address for customers whose in-vehicle terminal ID, chassis number, vehicle location information, and time may have been leaked.
“In addition, we will set up a dedicated call centre to answer questions and concerns from customers,” said the Japanese giant.
The company said that the main reason for this incident was insufficient explanation and thoroughness of rules for data handling.
“This time, customer information that may have been viewed from the outside will not identify the customer based on this data alone, even if accessed from the outside,” it said in a statement.
Since the discovery of this matter, “we have not confirmed any secondary use of customer information on the Internet by a third party, or whether or not there are any copies remaining, regarding customer information that may have been viewed from the outside”.