Car manufacturing giant Toyota has admitted that a server containing the data of 296,019 customers was openly-accessible for the past five years.
The company discovered on 15 September that the source code for its T-Connect app and website had been posted on a public GitHub repository in December 2017.
RELATED RESOURCE
The future of work is already here. Now’s the time to secure it.
Robust security to protect and enable your business
Although this in itself was an issue, the issue was compounded with the discovery that the source code included an access key to a data server containing the email addresses of nearly 300,000 customers.
The company has since made the repository private, and changed the access key to the server but the extreme delay in discovering the leak, believed to have been inadvertently made by a third-party developer working on T-Connect, has caused concern.
Customers who had signed up for the company’s T-Connect service since July 2017 are potentially affected by the leak, which exposed email addresses and the customer management number assigned to each customer by Toyota.
Toyota expressed regret for the incident in a blog post and admitted that although there is no evidence that threat actors accessed the information, it cannot be ruled out at this time.
“Having all the email addresses available will give bad actors the chance to start targeted phishing attacks, personalised to the recipient, and if Toyota does not implement continuous email security and anti-phishing training, this could easily result in a far greater security problem than just the leaked emails,” said Markus Strauss, head of product management at Runecast.
Beyond the impact to customers, data breaches and leaks can cause reputational damage to affected firms. The company has warned affected customers to be wary of suspicious emails, and to look out for telltale signs that they are malicious or part of a wider phishing campaign.
“We have no confirmation of a leak of data beyond this information. There is no impact for our customers in Europe,” Toyota told IT Pro in a statement.
“We sincerely apologise for any inconvenience and concern this may have caused to our customers and will continue to work with our contractors to ensure thorough management of the handling of personal information to provide services that our customers can rely on.”
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
The business value of Zscaler Data ProtectionWhitepaper Understand how this tool minimizes the risks related to data loss and other security events
-
Top data security trendsWhitepaper Must-have tools for your data security toolkit
-
Three essential requirements for flawless data protectionWhitepaper Want a better CASB and stronger DLP? You have to start with the right foundation
-
The gratitude gapWhitepaper 2023 State of Recognition
-
The top five risks of perimeter firewallsWhitepaper ...and the one way to overcome them all
-
Redefining modern enterprise storage for mission-critical workloadsWhitepaper Evolving technology to meet the mission-critical needs of the most demanding IT environments
-
The business value of storage solutions from Dell TechnologiesWhitepaper Streamline your IT infrastructure while meeting the demands of digital transformation
-
Building a data governance strategy in 2023In-depth Data governance will continue to expand as attitudes change and businesses look to optimise the value of their data
