Have you ever felt like someone might be tracking you? If you drive a Toyota, you might not be imagining things. Toyota recently revealed that the locations of 2,150,000 customers were potentially compromised between November 6, 2013, and April 17, 2023.
The information at risk included vehicle GPS data, navigation terminal ID numbers, chassis numbers, and the location data linked to specific times. This information pertains to Toyota’s cloud-based Connected service, which reminds owners about maintenance, streams entertainment, and helps locate owners during emergencies. The affected users were those who utilized services such as Toyota Connected, G-Link, and G-Book.
Toyota also mentioned that video recordings taken outside of the car could have been leaked as part of this issue. However, it’s worth noting that while the data was at risk, there is no evidence that it was actually misused. Additionally, although the data included location information, it didn’t contain any personally identifiable information. Therefore, someone would need the vehicle identification number (VIN) or chassis number to track an individual, which theoretically could make tracking someone difficult. However, VIN numbers can be relatively easy to find, so if a hacker had access to this data and was determined, they potentially could have tracked someone.
Toyota has assured that the problem is fixed and the data is no longer accessible. They’ve sent apology notices to all the affected customers and set up a call center to address any concerns.
This isn’t the first time Toyota has faced a data leak. Late last year, the company reported that almost 300,000 customers’ email addresses were exposed due to an accidentally public GitHub account. Similarly, in that case, Toyota found no evidence that anyone accessed the leaked information.