Toyota Motor Corporation has disclosed a data breach that exposed the vehicle location data of 2,150,000 customers for the past ten years. The breach was caused by a misconfiguration in a database that allowed anyone to access its contents without a password.

The data that was exposed includes the following:

• In-vehicle GPS navigation terminal ID number
• Chassis number
• Vehicle location information with time data

Other information which is rumored to have been exposed but is not proven:

• Exposed video by the vehicle's cameras (drive recorder) 
• Exposed VIN information

This is the second data breach that Toyota has disclosed in recent months. In October 2022, the company announced a data breach that exposed the personal information of 296,019 customers.

Toyota has said that it is improving its security and preventing future data breaches. The company has hired a third-party security firm to review its security practices independently and is also working to implement new security measures, such as multi-factor authentication.

In addition to these measures, Toyota said it will "thoroughly educate employees and work to prevent recurrence" of the data breach. The company will also introduce "a system to audit cloud settings, conduct a setting survey of the cloud environment and build a system to monitor the setting status on an ongoing basis."

The biggest concern relating to this data breach, besides broken trust, is the ability of bad actors to link a vin back to an individual's personal information. Currently, multiple free people search companies can easily connect a vin to a name and a home address. 

Customers who believe that their information may have been compromised in the Toyota data breach can contact the company at the following number:

• 1-800-331-4331