(Reuters) – Toyota Motor Corp said on Friday the vehicle data of about 2.15 million users was left publicly available in Japan for about a decade from November 2013 to mid-April.
The incident comes as the world’s biggest automaker by sales makes a push into vehicle connectivity that is seen as crucial to offering services such as autonomous driving and other artificial intelligence-backed features.
The leak, attributed to a setting error in the cloud environment, could encompass details such as vehicle locations and identification numbers of vehicle devices, but there were no reports of malicious use, the company said.
Affected customers included those who signed up for the T-Connect network service from the start of 2012 until April 17, Toyota said, apologizing for causing concern.
Also affected were users of G-Link, a similar service for owners of the luxury Lexus-branded vehicles, that provides features such as emergency support.
The incident stemmed from human error, leading to a cloud system being set to public instead of private, a Toyota spokesperson said, adding that the company would introduce systems to audit and monitor cloud settings continuously.
It will also investigate and thoroughly educate employees about data handling rules, the spokesperson added.
Japan’s Personal Information Protection Commission has been informed about the incident, one of its officials said, but declined to provide further details, in line with its practice of not commenting on individual incidents.
Toyota said steps to block outside access to the data were taken after the issue was discovered and an investigation into all cloud environments managed by Toyota Connected Corp was being carried out.
Large leaks of personal data occasionally happen in Japan. In March, mobile carrier NTT DoCoMo said data of up to 5.29 million customers may have leaked via a company to which it outsourced work.
