Last year’s story with the leakage of personal data of users of the Toyota T-Connect service received an unexpected continuation. As it turned out, due to a mistake in the settings, almost the entire customer base of Toyota and Lexus had been in the public domain for about ten years. The attackers may have learned the vehicle’s identification number and location, but the company says they are not aware of any “bad use” of that data.
Japanese subscribers to the T-Connect service, which provides access to online speech recognition and concierge services, as well as customers of a similar G-Link system from Lexus, were again at risk. Toyota has already notified the Commission on the Protection of Personal Information about the incident and blocked external access to the cloud database. When asked why this had not been done before, a company representative replied that they did not have the necessary tools to track leaks.