Toyota Japan confirms decade-long security breach

Onur Demirkol
May 15, 2023

Toyota Japan has confirmed that due to a cloud misconfiguration, the personal and vehicle information of 2.15 million users was leaked on the internet. Moreover, the information has been on the internet for a decade now, but the company discovered it recently in April.

Customers affected included those who signed up for the T-Connect network service between the beginning of 2012 until April 17. Toyota has apologized to its customers for causing concerns.  According to TechCrunch, Toyota said that the exposed data includes: "registered email addresses; vehicle-unique chassis and navigation terminal numbers; the location of vehicles and what time they were there; and videos from the vehicle’s “drive recorder” which records footage from the car."

It was caused by human error, resulting in a cloud system being configured to public rather than private. Toyota stated that it will implement a system for auditing cloud settings, build up a system for continuously monitoring settings, and properly educate personnel on data management standards. It is unclear what can the bad actors do with this information or if they have already conducted any malicious activities.

Apart from the Toyota drivers who used T-Connect, Lexus users who got their hands on the G-Link app have also been affected by the security breach. According to one of its staff, Japan's Personal Information Protection Commission has been alerted about the event but has declined to disclose any details, in keeping with its policy of not commenting on particular incidents.

Courtesy of: REUTERS/Johanna Geron

The issue began in November 2013

Toyota Japan said that the issue began back in November 2013, which makes it a decade-long security breach. The company noticed it last month, so it lasted until mid-April. “There was a lack of active detection mechanisms, and activities to detect the presence or absence of things that became public,” a spokesperson of Toyota said when asked about why it took the company so long.

Toyota stated that when the vulnerability was detected, precautions were taken to prevent unauthorized access to the data, and an investigation into all cloud environments administered by Toyota Connected Corp started.


Previous Post: «
Next Post: «


There are no comments on this post yet, be the first one to share your thoughts!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.