Toyota Motor Corporation has disclosed a data breach in its cloud environment, exposing the car-location information of 2,150,000 customers for a period of ten years. The breach was a result of a database misconfiguration, allowing unauthorized access without a password. The affected customers had used Toyota’s T-Connect G-Link, G-Link Lite, or G-BOOK services between January 2012 and April 2023. The exposed information includes GPS navigation terminal ID numbers, chassis numbers, and vehicle location information with time data. While there is no evidence of misuse, unauthorized users could have accessed the historical and real-time location of the affected cars. The exposed data does not include personally identifiable information, but if combined with the VIN of a target’s car, it could potentially be used for location tracking. Additionally, there is a possibility that video recordings taken outside the vehicle were also exposed during the breach. Toyota plans to notify affected customers individually and has set up a call center to address their concerns.
To mitigate these potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net or you can try your self using check.website.
Source: Bleeping Computer