Have you ever had the feeling that you are being tracked? Well, if you’re a Toyota driver, you may have been. Toyota ha revealed in a statement that the locations of 2,150,000 of its customers were at risk of default between November 6, 2013 and April 17, 2023.
The information that was at risk specifically included the vehicle’s GPS and navigation terminal identification number, chassis number, and vehicle location with time data. This information is related to Toyota’s cloud-based Connected service, which is used to remind owners to perform maintenance, stream in-car entertainment and help find owners during emergency situations. Users who used services such as Toyota ConnectedG-Link and G-Book were potentially affected.
another statement Toyota points out that the video recordings could also have been leaked as part of the problem. These recordings would have been taken outside the car.
It’s important to note that the data was simply at risk of being accessed, but Toyota says there’s no evidence that it was actually misused in any way. Also, while the data included location information, there was no personally identifiable information, so unless a potential bad actor knew a car’s VIN (or chassis) number, they wouldn’t have been able to use the data to track someone down. someone in particular.
Still, a VIN number is relatively easy to find, so if a hacker had access to the data and enough motivation to track someone down, it’s very possible they would have. Toyota says the problem has been fixed and the data is no longer accessible.
In case you’re wondering if your car was affected as part of the problem, Toyota says it has sent apology notices to all affected customers and has set up a call center to handle related inquiries.
This is not the first data breach to afflict Toyota in recent times. At the end of last year, the company revealed that the Email addresses of nearly 300,000 customers were leaked into an accidentally public GitHub account. Similar to the new data issue, at the time, Toyota said there was no evidence that anyone actually accessed the leaked information.