Toyota Motor Corporation, the world's largest automaker, has announced that the vehicle data of 2.15 million users in Japan has been publicly available for 10 years due to "misconfiguration of the cloud environment."
The incident, which began in November 2013 and lasted until mid-April of this year, affected almost the entire customer base who signed up for its main cloud service platforms since 2012, including customers of its luxury brand Lexus.
According to Reuters, the incident was caused by human error, which led to a cloud system being set to public instead of private. The publicly available data included things such as vehicle locations and identification numbers of vehicle devices. However, the company said there were no reports of malicious use of the information.
In a public statement, Toyota said it believes the "main reason for this incident was insufficient explanation and thoroughness of rules for data handling."
The automaker also said it would introduce a system to audit cloud settings, establish a system to continuously monitor settings, and thoroughly educate employees on data handling rules.
This mishap is especially unfortunate as Toyota is currently placing a strong emphasis on vehicle connectivity and cloud-based data management, both of which are integral to the development of autonomous driving and other AI-powered capabilities.
Japan's Personal Information Protection Commission has been informed about the incident but has not provided further details in line with its practice of not commenting on individual incidents.
This latest incident only adds to the list of challenges that Koji Sato, Toyota's newly appointed CEO, has had to face since taking over from Akio Toyoda on April 1st. The company has already admitted to safety test problems at Daihatsu, its affiliate, and has received shareholder proposals from European asset managers calling for greater transparency regarding their lobbying efforts on climate change.
Follow SecureWorld News for more stories related to cybersecurity.