Toyota Kirloskar Motor on Sunday reported a data breach in its system but said the extent of the intrusion was being confirmed.
In a statement, the company said it was « informed by one of its service providers of an incident that may have exposed the personal information » of some of its customers on the Internet.
The relevant authority CERT-In (Indian Computer Emergency Response Team) under the Ministry of Electronics and Information Technology has been notified, it added.
« In light of this incident, TKM will work with its service provider to reinforce existing guidelines and is committed to avoiding any type of inconvenience to our valued customers, » the company claimed, apologizing « for any concerns » the incident may have caused its customers.
No further details have been provided at this time as to the number of customers affected or the data exposed.
In October, Toyota had already said that the personal information of nearly 300,000 customers may have been exposed since July 2017. The Japanese automaker said that the email addresses and customer management numbers of some customers who subscribe to T-Connect had been leaked.
In fact, from December 2017 to September 15, 2022, a third party was able to access some of the company’s source code on GitHub.
« It was discovered that the published source code contained an access key to the data server, and by using it, it was possible to access the email address and customer management number stored in the data server, » Toyota specified.
Toyota is now individually sending an apology and notification to the registered email address of any customer whose email address or customer management number may have been disclosed.
According to the company, the incident was caused by the improper handling of the source code by the development contracting company.
« At this time, we have not confirmed the unauthorized use of personal information in connection with this case, but it is possible that unsolicited emails (spam), such as email spoofing or phishing, may be sent, » it warned
This is the latest in a series of cyber-breaches where personal customer data has been exposed. The attacks have targeted both private and public companies. In December, the data of nearly 30 million Indian Railways passengers was reportedly exposed and made available on the dark web.