Toyota Reveals Massive Data Leak of 300,000 Customers Went Undiscovered For 5 Years

Toyota has acknowledged that the personal data of close to 300,000 customers may have been exposed in a breach since July 2017. The automaker says that an access key was publicly available on GitHub for nearly five years. The data disclosed in the incident included the email addresses and customer control numbers of people who have used T-Connect, a network-based service that links users’ phones to their vehicles. A total of 296,019 cases were found to have been exposed.

“We sincerely apologize for causing great inconvenience and concern to our customers,” Toyota said. The customer management number and email address are the two pieces of sensitive information that could have been exposed, and “other sensitive information such as name, phone number, credit card, etc. is not affected,” it added.

According to Toyota, a website development contractor accidentally uploaded the access key to GitHub. The source code has been made private since the discovery of the leak. However, a substantial portion of the company’s source code was accessible on GitHub to outsiders from December 2017 to September 15, 2022.

“It was discovered that the published source code contained an access key to the data server, and by using it, it was possible to access the e-mail address and customer management number stored in the data server,” the company said.

Toyota will send a personal apology and notification to the registered email address of any customer whose email address or customer management number may have been compromised. It attributed the situation to the development contracting company’s improper handling of source code.

“At this time, we have not confirmed any unauthorized use of personal information related to this matter, but it is possible that spam e-mails such as ‘spoofing’ or ‘phishing scams’ using e-mail addresses may be sent,” said Toyota.

The company cautioned customers affected by the leak to look for potential phishing emails. In addition, it advised them to “be careful when viewing the URL address described in the email” and to not open any emails from senders they are unfamiliar with.

The disclosure by Toyota comes in response to several recent incidents of source code theft, which pose serious security threats to the impacted firms. These include the game producer Rockstar Games, the technology giant Intel, and the password security company LastPass. In addition, Toyota was forced to cease production at all of its Japanese operations in March 2022 due to a ransomware attack on a significant supplier.

Data Breach

Data breaches can be expensive and potentially fatal, hurting a company’s finances and reputation. According to a report released by US technology corporation IBM, the average cost of a data breach reached a record high of USD 4.35 million in 2022, a 2.6% increase over the previous year.

Numerous attacks emphasize how crucial it is to work with a security company like StealthLabs. Our security team will guide you to address essential concerns to protect your company’s data. So, before it’s too late, contact StealthLabs to start the process of safeguarding your data.
