Toyota Motor Corp stated on Friday that 296,000 pieces of customer information might have been leaked from its T-Connect service. It means that the email addresses and customer numbers of those who use T-Connect are potentially leaked. It is a telematics service that connects vehicles through a network. These customers include those who signed up to the service’s website using their email addresses since July 2017.
According to the statement, third-party access could not be confirmed from the access history of the data server where the information was stored based on security experts’ investigation, Toyota said in a statement. At the same time, it added that third-party access “could not be completely ruled out.”
There was no possibility, though, that users’ sensitive personal information, such as names, phone numbers, or credit card information, were leaked, Toyota said. The Japanese automaker did not confirm cases of the information being misused but cautioned that there is a possibility of spamming, phishing scams, and unsolicited email messages being sent to the users’ email addresses. The automaker said a contractor that developed the T-Connect website accidentally uploaded parts of the source code with public settings from December 2017 until Sept. 15 this year.
The apology
Toyota apologized, “We sincerely apologize for causing great inconvenience and concern to our customers.”The incident occurred after the T-Connect website’s development subcontractor who Toyota did not name “mistakenly” uploaded part of the source code to its account on GitHub, an internet hosting service owned by Microsoft.
The subcontractor’s account was set to public, “in violation of the handling rules”, Toyota said. “From December 2017 to September 15, 2022, a third party was able to access part of the source code on GitHub,” Toyota said. “It was discovered that the published source code contained an access key to the data server and by using it, it was possible to access the email address and customer management numbers stored in the data server.”
The average cost of a data breach hit a record high of $4.35 million in 2022, which is 2.6 percent higher than last year, US technology company IBM said in an August report. This is also up by about 13 percent from 2020. Toyota joins a string of high-profile companies that have had their data and customer information compromised, including Samsung Electronics, LinkedIn, Cisco, Twitter, and Facebook. The carmaker said it would begin to send individual notifications and apologies to affected users, and that it had set up a dedicated call center to answer questions and concerns. “In addition, we have prepared a special form on our website that allows you to check whether your email address is subject to this campaign,” it said.