Toyota Databreach for Ten Years Exposes Car Location Data of over 2M Customers

November 30, 2023

INCIDENT

Toyota Motor Corporation disclosed a data breach on its cloud environment that exposed the car-location information of 2,150,000 customers for ten years, between November 6, 2013, and April 17, 2023. "It was discovered that part of the data that Toyota Motor Corporation entrusted to Toyota Connected Corporation to manage had been made public due to misconfiguration of the cloud environment," reads the notice (machine translated). No customers are believed to be at risk of criminals tracking down a user’s car, as they would be difficult to track without knowing a target vehicle’s VIN.

This incident exposed the information of customers who used Toyota's in-car smart service T-Connect for voice assistance, customer service support, car status and management, and on-road emergency help between January 2, 2012, and April 17, 2023.

Incident Date

April 17, 2023

Location

Japan

Estimated Cost


No cost values disclosed.

Type of Malware

No Malware identified

Threat Source

No threat source identified