Breaking

Toyota Data Breach Exposes Car Location Information of 2.15 Million Customers

Toyota Motor Corporation recently revealed a significant data breach on its cloud environment, exposing the car-location information of approximately 2.15 million customers over a ten-year period.

The breach occurred between November 6, 2013, and April 17, 2023, due to a misconfiguration in the company’s database.

A security notice published in Toyota’s Japanese newsroom explained that the misconfiguration allowed unrestricted access to the database contents without requiring a password.

The notice stated that the breached data was part of the information entrusted to Toyota Connected Corporation for management.

Exposed Information and Services

The data breach compromised the car-location details of customers who utilized Toyota’s T-Connect G-Link, G-Link Lite, or G-BOOK services between January 2, 2012, and April 17, 2023.

T-Connect is a comprehensive in-car smart service offered by Toyota, providing features such as voice assistance, customer service support, car status and management, and on-road emergency assistance.

Details of the Exposed Data

The misconfigured database exposed several pieces of information, including the following:

  1. In-vehicle GPS navigation terminal ID number
  2. Chassis number
  3. Vehicle location information with time data

Although the exposed details do not include personally identifiable information, it is worth noting that the data leak alone cannot be used to track individuals unless the attacker possesses the vehicle identification number (VIN) of a target car.

VINs, also known as chassis numbers, are relatively accessible, meaning an attacker with sufficient motivation and physical access to a target’s car could potentially exploit the decade-long data leak for location tracking purposes.

Possible Exposure of Video Recordings

A separate statement released by Toyota on the ‘Toyota Connected’ website mentioned the potential exposure of video recordings captured outside the vehicle.

This incident involved a period spanning nearly seven years, from November 14, 2016, to April 4, 2023. While the impact on car owners’ privacy due to the exposed videos may vary depending on the conditions, time, and location, it is important to note that the disclosure of these recordings is not expected to significantly compromise their privacy.

Toyota’s Response and Customer Support

Toyota has expressed its apologies for any inconvenience and concern caused to its customers and related parties. The company has taken immediate measures to block external access following the breach’s discovery.

Additionally, Toyota plans to individually notify affected customers and establish a dedicated call center to handle any inquiries or requests they may have. This proactive approach aims to address customer concerns and provide necessary support.

Previous Data Breach Incident

In October 2022, Toyota had already informed its customers about another data breach incident related to the exposure of a T-Connect customer database access key on a public GitHub repository.

During that breach, unauthorized access occurred between December 2017 and September 15, 2022, affecting the details of 296,019 customers. The unauthorized third party gained access to the GitHub repository, prompting Toyota to restrict external unauthorized access to prevent further breaches.

Share the article with your friends
William Marshal

William has been one of the key contributors to 'The Cybersecurity Times' with 9.5 years of experience in the cybersecurity journalism. Apart from writing, he also like hiking, skating and coding.

Recent Posts

Best Microsoft Intune Alternatives: Top 5 MDMs to Consider

Explore the top 5 best Microsoft Intune alternatives, comparing key features, user reviews, and capabilities…

2 days ago

Top 7 Best Smartphones with Best Security Features in 2024

Discover the top 7 smartphones of 2024 with best security features, offering privacy, performance, and…

3 weeks ago

Top 11 Log Management Tools for Efficient System Management

Discover the top 11 log management tools for efficient system management and monitoring. Learn about…

2 months ago

Top 5 Threat Intelligence Tools For 2024

Explore the top 5 threat intelligence tools, their features, and how they enhance cybersecurity against…

2 months ago

Privileged Access Management: 5 Best PAM Solutions in the Market

Explore the top 5 best PAM Tools, market trends, and expert insights to secure the…

2 months ago

Apple Device Management: Top Solutions for iOS and macOS Management

Explore the top solutions for Apple Device Management including to iOS Device Management and macOS…

2 months ago