Toyota Motor Corporation has revealed a major data breach, one that exposed the location data of some 2 million customers for nearly ten years.
First spotted by BleepingComputer, Toyota Motor Corporation posted a message on its Japan site notifying customers of the issue.
“It was discovered that part of the data that Toyota Motor Corporation entrusted to Toyota Connected Corporation to manage had been made public due to misconfiguration of the cloud environment,” reads the machine-translated notice.
“After the discovery of this matter, we have implemented measures to block access from the outside, but we are continuing to conduct investigations, including all cloud environments managed by TC. We apologize for causing great inconvenience and concern to our customers and related parties.”
According to the outlet, the breach impacted customers using Toyota’s “T-Connect G-Link, G-Link Lite, or G-BOOK services between January 2, 2012, and April 17, 2023.”
In a separate statement, the company said videos taken outside of vehicles may have been left exposed on the internet from November 14, 2016, to April 4, 2023.
As BleepingComputer points out, while the breach is significant, it appears the privacy implications are relatively minor, based on currently known data. While location data and external videos were exposed, without customer records and VIN numbers, it would be extremely difficult for a bad actor to link any of the breached data to a specific customer. Of course, the risk could increase, depending on what is visible in the exposed videos.