Toyota Japan Admits to Exposing Millions of Customers’ Vehicle Details on the Public Internet
A Decade-Long Security Lapse
In a shocking revelation, Toyota Japan has apologized for leaving millions of customers’ vehicle details on the public internet for an entire decade. The car manufacturer revealed that it will notify approximately 2.15 million customers whose personal and vehicle information were left exposed to the internet after a "cloud misconfiguration" was discovered in April.
Exposed Data Includes:
- Registered email addresses
- Vehicle-unique chassis and navigation terminal numbers
- Location of vehicles and what time they were there
- Videos from the vehicle’s "drive recorder," which records footage from the car
The exposed data pertains only to vehicles in Japan, according to Toyota. The company’s connected service provides customers with information about their vehicle, offers in-car entertainment services, and helps notify authorities in the event of an accident or breakdown.
Lexus Car Owners Also Affected
Toyota has also announced that Lexus car owners who signed up for the G-Link service are also affected by this data exposure. The company stated that the data was secured, but there have been no reports of the data being obtained or maliciously used.
Insufficient Security Measures?
However, it is unclear if Toyota has adequate logging in place to detect any potential data exfiltration from its network. In response to this security lapse, Toyota has promised to introduce a system to monitor its cloud, indicating that its existing efforts were insufficient.
Previous Data Breach
This incident marks the second significant data breach faced by Toyota within recent years. In 2022, the company admitted to exposing about 300,000 customer email addresses for nearly five years after a subcontractor inadvertently uploaded part of the company’s source code to the internet. The exposed data included a private key that stored customer email addresses.
Potential Consequences
The exposure of sensitive customer information raises concerns about potential identity theft and other malicious activities. It remains unclear what actions Toyota will take to rectify this situation and prevent similar incidents in the future.
Related Developments
This incident highlights the importance of robust cybersecurity measures for companies handling sensitive customer data. With the increasing reliance on connected services, car manufacturers must prioritize security to protect their customers’ information.
Contact Information
If you have more information about this Toyota security lapse or work at Toyota, you can contact Zack Whittaker on Signal at +1 646-755-8849 or zack.whittaker@techcrunch.com. You can also share files and documents securely via SecureDrop.
Security Editor: Zack Whittaker
Zack Whittaker is the security editor at TechCrunch. You can send tips securely via Signal and WhatsApp to +1 646-755-8849. He can also be reached by email at zack.whittaker@techcrunch.com. You can submit files and documents securely via SecureDrop.
Other Security Incidents
Some recent security incidents include:
- Duolingo sees a 216% spike in US users learning Chinese amid TikTok ban and move to Red Note
- Tesla to split $100M award for electric truck charging corridor in Illinois
- Bluesky is getting its own photo-sharing app, Flashes
- Colossal Biosciences raises $200M at $10.2B valuation to bring back woolly mammoths
Subscribe to TechCrunch Newsletters
Stay informed about the latest tech news with our newsletters:
- TechCrunch Daily News: Get the best of TechCrunch’s coverage every weekday and Sunday
- TechCrunch AI: Stay up-to-date on the latest news in the fast-moving field of artificial intelligence
- TechCrunch Space: Get the latest advances in aerospace every Monday
Subscribe to Startups Weekly
Get the core of TechCrunch delivered weekly with our Startups Weekly newsletter.
Contact Us
Submit your email address to subscribe to our newsletters and stay informed about the latest tech news. By submitting your email, you agree to our Terms and Privacy Notice.
