Toyota apologizes for data exposure of more than 2 million vehicles in Japan

Toyota said Friday that a “cloud misconfiguration” exposed information on more than 2 million vehicles in Japan for more than a decade.

The automaker apologized to users of the onboard T-Connect driver assistance and emergency contact system for Toyotas and the similar G-Link technology for its Lexus brand.

The data was publicly available from November 2013 until last month, Toyota said, but there were no signs that it was collected and used by anyone who wasn’t authorized to do so. The exposed information included in-vehicle terminal IDs, chassis numbers and vehicle locations, the company said.

The exposed data alone would not necessarily be enough to identify individual people, Toyota said.

The company attributed the problem to human error and said it was instituting “a system to audit cloud settings.” The announcement did not specify if the cloud environment was hosted by an outside vendor. T-Connect is run by a subsidiary known as Toyota Connected Co.

The company said it was contacting individual customers about the leak and setting up a hotline for questions.

The incident follows a separate but much smaller data exposure involving T-Connect that Toyota revealed in October.

In April, Toyota also said that security lapses at its offices in Italy may have exposed customer data.