Also isn't it Mazda's fault for creating an API that anyone can access and get information from? Someone in Mazda IT is probably frantically looking for the email chain where he was told to "just make it public" so our outside analysts can use it.
Content providers already block access to content based on locale. It won't be hard to have a flag in the API that turns off functionality based on the callers location.
And then they'll get sued, when that leads to cars getting hacked. I don't know if that's gonna work out in the long run. Car companies are likely to band together to prevent this or make lawful exceptions for themselves in the space.