Friday, September 13, 2024
HomeCyber Security NewsToyota Discloses Data Breach - Customers' Personal Information Exposed

Toyota Discloses Data Breach – Customers’ Personal Information Exposed

Published on

Toyota Motor Corporation reveals a data breach that may have compromised the personal information of its customers after an access key was made available to the public on GitHub for over five years.

The data breach at Toyota Kirloskar Motor, a joint venture with Indian giant Kirloskar Group, has been reported to the appropriate Indian authorities, according to Toyota India.

“Toyota Kirloskar Motor (TKM) has been notified by one of its service providers of an incident that might have exposed the personal information of some of TKM’s customers on the internet”, Toyota Kirloskar Motor (TKM) stated in an email statement.

- Advertisement - EHA

A Portion of T-Connect Site Source Code Published On GitHub

The carmaker recently learned that some of the source code for its T-Connect website was unintentionally posted on GitHub. The report stated that around 296,000 customer records may have been compromised due to this issue.

The company built the T-Connect app, which gives car owners access to the infotainment system of their vehicle and allows them to keep an eye on who has access to it.

Along with the code, the data server access key that held client data such as email addresses and management numbers was also included. By a developer subcontractor, the source code was exposed.

“In December 2017, the “T-Connect” website development subcontractor mistakenly uploaded part of the source code to their GitHub account while it was set to be public, in violation of the handling rules”, according to the notice published by the company.

“This incident was caused by the inappropriate handling of the source code by the development contractor company. We will proceed”.

According to the reports, between December 2017 and September 15, 2022, an unauthorized third party might have had access to the information of Toyota consumers. 296,019 clients are affected, the GitHub repository was locked in September 2022, and the keys were modified.

Although there are no indications of data theft, the Japanese manufacturer comes to the conclusion that it is impossible to completely rule out the possibility that someone may have accessed and stolen the data.

“As a result of an investigation by security experts, although we cannot confirm access by a third party based on the access history of the data server where the customer’s email address and customer management number are stored; at the same time we cannot completely deny it. We now have.” reads the notice published by the company.

Notably, the Company declared that it will apologize and notify each affected consumer separately. Toyota has set up a separate form for users to check if their data was exposed on its website.

Lookout for Scams

Users of T-Connect who signed up between July 2017 and September 2022 may be subject to scams and other types of fraud. The company advises customers to be on the lookout for such scams.

Here it’s possible that spam emails like “spoofing” or “phishing schemes” could be sent using email addresses. 

“If you receive a suspicious e-mail with an unknown sender or subject, there is a risk of virus infection or unauthorized access, so please do not open the attached file and immediately delete the e-mail itself. Please be careful when accessing the address (URL) described in the email”, reads the notice.

Secure Web Gateway – Web Filter Rules, Activity Tracking & Malware Protection – Download Free E-Book

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Citrix Workspace App Vulnerable to Privilege Escalation Attacks

Citrix released a security bulletin (CTX691485) detailing two critical vulnerabilities in the Citrix Workspace...

Beware Of Weaponized Excel Document That Delivers Fileless Remcos RAT

A recent advanced malware campaign leverages a phishing attack to deliver a seemingly benign...

Hackers Exploiting Apache OFBiz RCE Vulnerability in the Wild

A critical vulnerability in the Apache OFBiz framework has been actively exploited by hackers....

Docker Desktop Vulnerabilities Let Attackers Execute Remote Code

Docker has addressed critical vulnerabilities in Docker Desktop that could allow attackers to execute...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Citrix Workspace App Vulnerable to Privilege Escalation Attacks

Citrix released a security bulletin (CTX691485) detailing two critical vulnerabilities in the Citrix Workspace...

Beware Of Weaponized Excel Document That Delivers Fileless Remcos RAT

A recent advanced malware campaign leverages a phishing attack to deliver a seemingly benign...

Hackers Exploiting Apache OFBiz RCE Vulnerability in the Wild

A critical vulnerability in the Apache OFBiz framework has been actively exploited by hackers....