The vehicle data of 2.15 million Toyota users in Japan had been publicly available for a decade due to human error, the carmaker said on Friday.
The issue affected almost the entire customer base who signed up for Toyota’s main cloud service platforms since 2012 and also customers of its luxury brand Lexus.
The leak stemmed from human error, after a cloud system was set to public instead of private, a Toyota Motor spokesperson said.
The issue began in November 2013 and lasted until mid-April this year, the spokesperson said. It could encompass details such as vehicle locations and identification numbers of vehicle devices, but there were no reports of malicious use, the company said.
“There was a lack of active detection mechanisms, and activities to detect the presence or absence of things that became public,” the spokesperson said in response to why it took time to realise there had been an error.
Toyota said it would introduce a system to audit cloud settings, establish a system to continuously monitor settings, and thoroughly educate employees on data handling rules.
Affected customers included those who signed up for the T-Connect service that provides a wide range of services including AI voice-enabled driving assistance, auto connection to call centres for vehicle management, and emergency support in such cases as a traffic accident or sudden illness.
Also affected were users of G-Link, a similar service for owners of Lexus vehicles.
Steps taken to block outside access
The incident comes as the world’s biggest automaker by sales makes a push into vehicle connectivity and cloud-based data management which are seen as crucial to offering autonomous driving and other artificial intelligence-backed features.
Japan’s Personal Information Protection Commission has been informed about the incident, one of its officials said, but declined to provide further details, in line with its practice of not commenting on individual incidents.
Toyota said steps to block outside access to the data were taken after the issue was discovered and an investigation into all cloud environments managed by Toyota Connected Corp was being carried out.
Large leaks of personal data occasionally happen in Japan. In March, mobile carrier NTT DoCoMo said data of up to 5.29 million customers may have leaked via a company to which it outsourced work.
The incident adds to a raft of challenges facing Koji Sato who took over as Toyota CEO on April 1 from Akio Toyoda, grandson of the company’s founder.
Since he took office, Toyota has admitted safety test problems at its affiliate Daihatsu. It has also received a shareholder proposal from a trio of European asset managers to improve disclosure of its lobbying on climate change.
- Reuters, with additional editing by Vishakha Saxena