"Toyota said it had no evidence the data had been misused, and that it discovered the misconfigured cloud system while performing a wider investigation of Toyota Connected Corporation’s (TC) cloud systems.
TC was also the site of two previous Toyota cloud security failures: one identified in September 2022, and another in mid-May of 2023.
As was the case with the previous two cloud exposures, this latest misconfiguration was only discovered years after the fact. Toyota admitted in this instance that records for around 260,000 domestic Japanese service incidents had been exposed to the web since 2015. The data lately exposed was innocuous if you believe Toyota – just vehicle device IDs and some map data update files were included. "
They say it’s cloud breach by I didn’t see what kind of cloud breach. Did I just miss it or was it not mentioned?
This is the official statement I think: https://global.toyota/jp/newsroom/corporate/39174380.html but it’s light on details (I think, I google translated)
From reading around it looks like it was either a compute instance or a database exposed by mistake, nothing sophisticated.