Toyota India reports data breach; extent of intrusion to be determined

Toyota’s India has reported a data breach in its system on January 1. In a statement, Toyota Kirloskar Motor said that one of its service providers notified an incident that might have exposed some of its customers’ personal information on the Internet. The magnitude of the breach is yet to be fully determined and the company said that it is working to confirm the extent of the intrusion. The Indian Computer Emergency Response Team (CERT-In), under the IT ministry, has been notified of the breach.

“Considering this incident, TKM will work with its service provider to further enhance the existing extensive guidelines being followed and is fully committed to avoid any kind of inconvenience to our esteemed customers. We sincerely apologise for any concern this may have caused to our customers,” the official statement further added.

Earlier in October 2022, Toyota Motor Corp suffered a security snafu, putting  296,019 email addresses and customer management numbers at risk. The compromised customers were using the company’s T-connect app which allows users to connect to their vehicles via a network. 

In a statement, the company had then said that an outsourced developer who was developing the app uploaded the source code to GitHub public repo in December 2017. This published source code also contained an access key to the data server which stored email addresses and customer management numbers. It was only discovered in September 2022.