Toyota Motor Corporation disclosed a data breach on its cloud environment that exposed the car-location information of 2,150,000 customers for ten years, between November 6, 2013, and April 17, 2023.

According to a security notice published in the company's Japanese newsroom, the data breach resulted from a database misconfiguration that allowed anyone to access its contents without a password.

"It was discovered that part of the data that Toyota Motor Corporation entrusted to Toyota Connected Corporation to manage had been made public due to misconfiguration of the cloud environment," reads the notice (machine translated).

"After the discovery of this matter, we have implemented measures to block access from the outside, but we are continuing to conduct investigations, including all cloud environments managed by TC. We apologize for causing great inconvenience and concern to our customers and related parties."

Exposed car location and videos

This incident exposed the information of customers who used the company's T-Connect G-Link, G-Link Lite, or G-BOOK services between January 2, 2012, and April 17, 2023.