Toyota warns customers of scam emails after possible data leak

Email addresses and other details of nearly 290,000 customers may have been compromised

Toyota Motor Corp said on Friday that personal information of about 296,000 customers from its T-Connect service might have been leaked after an access key was mistakenly made accessible to the public on GitHub for nearly five years.

T-Connect is a telematics service offered by Toyota that enables car owners to connect their smartphone to the infotainment system of their Toyota vehicle for phone calls, navigation, notifications integration, music, engine condition, and more.

Toyota recently learned that a section of the source code for the T-Connect website, which included an access key to the server that held users' email addresses and management numbers, had been accidentally published on GitHub.

Customers who signed up for the service after July 2017 may have been affected, according to the automotive giant.

The automaker says that between December 2017 and 15th September this year, a contractor who developed the T-Connect website accidentally uploaded parts of the source code with public settings.

After discovering the mistake, Toyota immediately made the source code private on GitHub, and on 17th September 2022 it modified the data server's access key, among other actions.

Based on preliminary investigations, Toyota said it hasn't found any evidence of unauthorised access to the data server where the details were kept. However, the firm also said that it was not completely ruling out third-party access.

Consumers' private details, such as names, phone numbers and credit card details, were not leaked as a result of this incident, it added.

Although the Japanese firm declined to confirm any instances of the data being abused, it did alert consumers to the possibility that spam, phishing schemes or unwanted emails could be sent to their email addresses.

"If you receive a suspicious email with an unknown sender or subject, there is a risk of virus infection or unauthorised access, so please do not open the file attached to the e-mail and delete the email itself immediately," the company said.

The automaker has publicly expressed regret for causing inconvenience to its customers.

Additionally, it is sending individual apologies along with notifications to registered emails of all affected customers.

The company has set up a special contact centre to address inquiries about the breach, and a form on its website that allows users to check whether their email was affected.

This is not the first time that Toyota has experienced a security incident.

The company had to stop production at 14 sites in Japan in February when Kojima Industries, a supplier of automotive components, became the target of a ransomware attack.

At the time, Kojima, which supplies air conditioning, steering wheel components and other parts to Toyota, said it had found a virus on its servers.