The researcher found the security flaws and the data leakage early this year, and he informed Honda of his findings in mid-March. The vendor acknowledged the problems right away and congratulated the white hat hacker for his efforts but did not compensate him because it lacked a bug bounty program. Honda reported that it did not discover any proof of malicious exploitation.
Source: GBHackers