Toyota Motor Corporation reveals a data breach that may have compromised the personal information of its customers after an access key was made available to the public on GitHub for over five years.
The data breach at Toyota Kirloskar Motor, a joint venture with Indian giant Kirloskar Group, has been reported to the appropriate Indian authorities, according to Toyota India.
The carmaker recently learned that some of the source code for its T-Connect website was unintentionally posted on GitHub. The report stated that around 296,000 customer records may have been compromised due to this issue.
The company built the T-Connect app, which gives car owners access to the infotainment system of their vehicle and allows them to keep an eye on who has access to it.
Along with the code, the data server access key that held client data such as email addresses and management numbers was also included. By a developer subcontractor, the source code was exposed.
“In December 2017, the “T-Connect” website development subcontractor mistakenly uploaded part of the source code to their GitHub account while it was set to be public, in violation of the handling rules”, according to the notice published by the company.
“This incident was caused by the inappropriate handling of the source code by the development contractor company. We will proceed”.
