Toyota has become a victim of yet another cyber security breach, but this time, the victims are Indian customers. The company informed on Sunday that a data breach at its Indian subsidiary may have exposed the personal information of some customers.
Toyota India has informed the relevant state authorities about the data breach at Toyota Kirloskar Motor (TKM) — a joint venture with the Indian conglomerate Kirloskar Group.
An official email statement read:
Toyota Kirloskar Motor (TKM) has been notified by one of its service providers of an incident that might have exposed personal information of some of TKM’s customers on the internet.
The statement did not disclose the scope of the data breach or the number of customers affected.
Not the First Time
Toyota Motors’ T-Connect service may have leaked approximately 296,000 customer records due to an unrelated issue, the company said in October. A report specified that the leak may have occurred due to the public availability of its access key on GitHub, which they didn’t know about for five years.
The company realized that someone had inadvertently uploaded the T-Connect website’s source code on GitHub. This code had an access key to the data server which kept customer email addresses and management numbers.
This allowed unauthorized third-party access to the information of 296,019 customers between December 2017 and September 15, 2022. On September 17, 2022, someone changed the database keys, eliminating the possibility of unauthorized access.
The automaker clarified that the hackers did not get access to client names, credit card information, and telephone numbers as they were in a different database. Regardless, the data leak became a PR disaster for the world’s largest carmaker.
