Toyota Motor announced on Friday that the vehicle data of almost the entire customer base who signed up for its cloud service platforms in Japan, which amounts to 2.15 million users since 2012, had been publicly available for ten years due to human error. This mistake also impacted the customers of the luxury brand Lexus. The world’s largest automaker by sales is currently pushing for vehicle connectivity and cloud-based data management to provide autonomous driving and other artificial intelligence-backed features.
The incident began in November 2013 and lasted until mid-April and was a result of a cloud system being set to public instead of private, according to a Toyota spokesperson. The leaked data could include vehicle locations and identification numbers of vehicle devices, but Toyota claims there have been no reports of malicious use. The spokesperson added that “there was a lack of active detection mechanisms and activities to detect the presence or absence of things that became public,” in response to why it took so long to identify the error.
Toyota intends to introduce an audit system to examine cloud settings, establish a monitoring system to detect anomalies, and provide extensive data handling education to employees to avoid any such future incidents. Customers who signed up for T-Connect service and G-Link service, which offer AI voice-enabled driving assistance, auto connection to call centres for vehicle management, and emergency support for incidents like traffic accidents or sudden illness, were affected by the data leak.
Japan’s Personal Information Protection Commission has been informed of the incident, but refused to comment on individual cases in line with its privacy policies. After discovering the problem, Toyota took measures to block outside access to the data, and the company is investigating all cloud environments managed by Toyota Connected Corp.
Data leaks of this magnitude are rare, and Japan has faced similar challenges in the past. For instance, in March, NTT DoCoMo announced that data of up to 5.29 million customers may have leaked through a company to which it outsourced work.
The recent incident adds to the challenges facing Koji Sato, who took over as Toyota CEO on April 1 from Akio Toyoda, the founder’s grandson. Toyota has acknowledged safety test issues at its affiliate Daihatsu and has received a shareholder proposal from three European asset managers requesting better disclosure of the automaker’s lobbying activities concerning climate change.