On October 7, Toyota Automobile found that the email addresses and customer numbers of 296,019 customers may have been leaked. However, other sensitive personal information such as name, phone number and credit card information were not affected.
According to Reuters , the possible impact is customers who registered with Toyota T-connect service by email after July 2017. T-connect is Toyota's remote in-vehicle information and communication service, and car owners can connect to vehicles through the Internet.
Toyota investigation found that the reason why customer information was leaked was because the contractor who developed the T-Connect website uploaded part of the source code to the GitHub account and accidentally set the permissions to "public", from December 2017 to September 15 this year. GitHub website is one of the world's largest code communities. Developers are often used to store, manage, and collaborate on software projects. Users can discover and download code that others have exposed through searches. Toyota said the operation of publicly available source code violates the automaker's handling regulations.
Security experts cannot confirm from the access history of the data server whether a third party has accessed customer information, but it cannot be completely excluded. At present, Toyota has not received any reports of misuse of customer information. Still, Toyota warns users that they may be harassed by spam or scam emails.
According to technology media iTechPost, Toyota has sent an apology email to affected users regarding the leak. Toyota has created a website form where users can check whether their emails are one of the leaked emails. It also set up a dedicated call center to answer customer questions about data breaches.
Source: Southern Metropolis Daily
