Toyota Motor said on Friday the vehicle data of 2.15 million users in Japan, or almost the entire customer base who signed up for its main cloud service platforms since 2012, had been publicly available for a decade due to human error.
The incident, which also affected customers of its luxury brand Lexus, comes as the world’s biggest automaker by sales makes a push into vehicle connectivity and cloud-based data management which are seen as crucial to offering autonomous driving and other artificial intelligence-backed features.
The issue, which began in November 2013 and lasted until mid-April, stemmed from human error, leading to a cloud system being set to public instead of private, a Toyota spokesperson said. It could encompass details such as vehicle locations and identification numbers of vehicle devices, but there were no reports of malicious use, the company said.
“There was a lack of active detection mechanisms, and activities to detect the presence or absence of things that became public,” the spokesperson said in response to why it took time to realise there had been an error.
Toyota said it would introduce a system to audit cloud settings, establish a system to continuously monitor settings, and thoroughly educate employees on data handling rules.
Affected customers included those who signed up for the T-Connect service that provides a wide range of services including AI voice-enabled driving assistance, auto connection to call centres for vehicle management, and emergency support in such cases as a traffic accident or sudden illness.
Also affected were users of G-Link, a similar service for owners of Lexus vehicles.
Japan’s Personal Information Protection Commission has been informed about the incident, one of its officials said, but declined to provide further details, in line with its practice of not commenting on individual incidents.
Toyota said steps to block outside access to the data were taken after the issue was discovered and an investigation into all cloud environments managed by Toyota Connected Corp was being carried out.
Large leaks of personal data occasionally happen in Japan. In March, mobile carrier NTT DoCoMo (9432.T) said data of up to 5.29 million customers may have leaked via a company to which it outsourced work.
The incident adds to a raft of challenges facing Koji Sato who took over as Toyota CEO on April 1 from Akio Toyoda, grandson of the company’s founder.
Since he took office, Toyota has admitted safety test problems at its affiliate Daihatsu and received a shareholder proposal from a trio of European asset managers to improve disclosure of its lobbying on climate change.