Blog

Geekheads News

Toyota Disclosed Data Breach

Toyota Disclosed a Ten-Year Long Data Breach. 2 Million Customers’ Car Location Data Was Exposed.

Toyota Motor Corporation issued a notice on the company’s Japanese newsroom disclosing a data breach of ten years. A database misconfiguration in its cloud environment leads to exposing of the car-location data of 2,150,000 customers.

The misconfiguration allowed unauthorized people to access the database without needing a password. The data breach exposed information between November 6, 2013, and April 17, 2023.

What Data Was Exposed?

The victims were people using Toyota’s T-Connect G-Link, G-Link Lite, or G-BOOK services between January 2, 2012, and April 17, 2023. T-Connect is a smart service by Toyota cars that provides voice assistance, customer service support, car status and management data, and emergency help.

The misconfigured database revealed the following data:

  • the chassis number
  • the in-vehicle GPS navigation terminal ID number
  • the vehicle’s location and time data

Until now there is no sign that the leaked data was used in a malicious way. However, hackers could have seen the real-time location of 2.15 million vehicles.

Another good news is that the exposed data do not contain any personally identifiable information. So cybercriminals can’t use it to track people. But this could change if a threat actor finds out the VIN (vehicle identification number) of a victim’s car.

Video Leaks

The organization also mentioned the possibility of video leaks linked to this data breach. Video recordings from outside the cars, taken between November 14, 2016, and April 4, 2023, might have been exposed.

Source

Questions?
020 3637 6095
support@geekheads.co.uk

Posted by