Security News > 2023 > May > Toyota: Car location data of 2 million customers exposed for ten years
Toyota Motor Corporation disclosed a data breach on its cloud environment that exposed the car-location information of 2,150,000 customers for ten years, between November 6, 2013, and April 17, 2023.
While there is no evidence that the data was misused, unauthorized users could have accessed the historical data and possibly the real-time location of 2.15 million Toyota cars.
A car's VIN, also known as chassis numbers, are easily accessible, so someone with enough motivation and physical access to a target's car could theoretically have exploited the decade-long data leak for location tracking.
A second Toyota statement published on the Japanese 'Toyota Connected' site also mentions the possibility of video recordings taken outside the vehicle having been exposed in this incident.
Toyota has promised to send individual apology notices to impacted customers and set up a dedicated call center to handle their queries and requests.
In October 2022, Toyota informed its customers of another lengthy data breach resulting from exposing a T-Connect customer database access key on a public GitHub repository.