Toyota has now confirmed the error. At first she had Reuters news agency reported on the security incident at Toyota.
Accordingly, customer data connected to the cloud service platforms T-Link from Toyota and G-Link from Lexus were affected. Shockingly, these databases have been publicly available for about a decade, which early findings indicate is due to human error at the company. The data was publicly viewable between November 2013 and April 2023, but no malicious use of the data was reported.
Infographic Security on the Internet: Germans are afraid of data misuse
In concrete terms, this means that users of Toyota or Lexus services run the risk of data being disclosed and possibly misused – but there is no evidence that the data was tapped. According to Toyota, there was no security mechanism that warned that the data could be viewed by unauthorized third parties. However, there is currently no confirmation that the error was noticed by Toyota scammers and exploited by them. Reuters reports that it is not yet clear which data has been published exactly. It is assumed that it could primarily be vehicle locations and vehicle identification numbers.
investigations are ongoing
Toyota is now facing an official investigation by the Japanese authorities. Whether penalties will be imposed on Toyota afterwards depends on the results. Toyota customers worried about their data must now also await the investigations.
- Toyota: Data leak due to human error, publicly available for 10 years.
- Customer data affected but no malicious use reported.
- Risk of data disclosure and misuse.
- Investigation by Japanese authorities, penalties possible.
- Customers must await investigations.
- Suspected vehicle locations and vehicle identification numbers affected.
- No safety mechanism that warned about the error.
See also: