Toyota Motor, the world's largest car manufacturer, said on Friday it had identified that about 296,000 pieces of customer information and assigned customer numbers were “mistakenly” leaked from its T-Connect service.
The Japanese automaker published a statement warning its customers that they may be at risk of receiving spam, phishing scams, or malicious messages at their email addresses. Those impacted by the data leak are users who signed up for the service with their email addresses from July 2017 onward.
According to the firm, a total of 296,019 email addresses and customer numbers were possibly leaked, but private data such as customer names, phone numbers, or credit card information was not affected. Toyota has also not yet reported any cases in which the leaked customer information was misused.
“The email addresses and customer management numbers of some customers who subscribe to 'T-Connect' were found to have been leaked,” Toyota stated. “We sincerely apologize for causing great inconvenience and concern to our customers.”
The incident occurred after an unnamed subcontractor who was a designer for the T-Connect website accidentally uploaded parts of the source code with public settings, leaving it accessible from December 2017 until September 15 of this year. However, based on security experts' investigation, the car manufacturer hasn’t identified third-party access to the data server where the information was stored.
“From December 2017 to September 15, 2022, a third party was able to access part of the source code on GitHub,” the automaker added. “It was discovered that the published source code contained an access key to the data server and, by using it, it was possible to access the email address and customer management numbers stored in the data server.”
According to threat analysts, car apps put customers’ private details at risk. In May of this year, security researchers at the cybersecurity firm Kaspersky published a report finding that more than fifty percent of these apps use customers’ personal data without first asking for their consent and that these apps tend to be susceptible to data leaks.
The average cost of a data breach hit a record high of $4.35 million in 2022, up 2.6 percent from last year and 13 percent from 2020, US technology firm IBM said in an August report.
This is not the first time Toyota has made headlines for the wrong reasons. Earlier, in February, the company suspended Japanese factory operations after a supplier of electronic components was hit by a suspected ransomware attack.
Toyota has joined a series of popular firms that have had their data and user information leaked, including Samsung Electronics, LinkedIn, Cisco, Twitter, and Facebook.