Data leak
Toyota Connected Vehicle Cloud Misconfiguration (2.15M Customers, 10-Year Exposure)
Incident Details
Toyota Motor Corporation disclosed on May 12, 2023 that vehicle location data and other connected vehicle information for approximately 2.15 million customers in Japan had been publicly accessible for nearly a decade, from November 6, 2013 to April 17, 2023 (approximately 9.5 years). Affected customers were subscribers to Toyota’s connected vehicle services: T-Connect, G-Link, G-Link Lite, and G-BOOK. The misconfiguration was discovered through a new data governance audit program Toyota implemented to proactively review its cloud infrastructure. Exposed data included vehicle GPS location data, in-vehicle terminal identification numbers, vehicle identification numbers (VINs), and timestamps. Dashboard camera footage captured from outside the vehicle was also accessible for a subset of T-Connect members during the period November 14, 2016 to April 4, 2023. Toyota found no evidence of malicious access or data misuse. A follow-up disclosure on May 31, 2023 covered an additional ~260,000 vehicle owners outside Japan whose data was also exposed. Toyota subsequently implemented automated tools to continuously monitor cloud configurations. This incident is entirely separate from the August 2024 Toyota dark web leak (240GB of internal data) documented separately in this repository. The 10-year exposure window made it one of the longest-running cloud misconfiguration incidents on record.
Technical Details
- Initial Attack Vector: Cloud misconfiguration. Toyota's connected vehicle cloud environment was configured to be publicly accessible without authentication; the misconfiguration resulted from 'insufficient explanation and thoroughness of data handling rules', causing data not to be stored with appropriate access controls
- Vendor / Product: Toyota Connected cloud environment (T-Connect, G-Link, G-Link Lite, G-BOOK)
Timeline
- 2013-11-06 Breach occurred
- 2023-05-12 Publicly disclosed
- 2023-05-12 Customers notified