“The E-mail addresses and customer management numbers of some customers who have signed up for “T-Connect”, 296,019 cases were found to have been leaked”, Toyota
“We sincerely apologize for causing great inconvenience and concern to our customers”.
Toyota Data Breach
The company’s data leak was due to the company’s source code of the user site of “T-Connect” being posted on GitHub for above three years.
“It was discovered that the published source code contained an access key to the data server, and by using it, it was possible to access the e-mail address and customer management number stored in the data server”, Toyota explains.
They ensured to change the access key of the data server with other necessary preventive steps. No secondary damage has been confirmed.
The company said the personal information such as e-mail address and customer management number were leaked. Other information such as name, phone number, credit card, etc. is not affected.
Toyota also explained that the “T-Connect” website development subcontractor wrongly uploaded part of the source code to their GitHub account while it was set to be ‘public’.
“This incident was caused by the inappropriate handling of the source code by the development contractor company”, Toyota
The company further said they would write to users individually in case any illegal activity is detected.
“In addition, we have prepared a special form on our website that allows you to check whether your email address is subject to this campaign”, Toyota
In this case, it is possible that spam e-mails such as “spoofing” or “phishing scams” using e-mail addresses may be sent. Therefore, the company requested not to open any suspicious email with an unknown sender or subject.
Thus, there is a risk of virus infection or unauthorized access, so please do not open the attached file and immediately delete the e-mail itself, concludes the report.