Toyota issued a warning to Toyota smartphone app users that they might get spam, phishing scams, or unsolicited email messages after about 296,000 pieces of customer information leaked.
According to Reuters, 296,019 email addresses and customer numbers leaked. These are from the users of T-Connect, a telematics service that connects vehicles via an online network.
Toyota Issues Apologies to Affected Customers
Customers who signed for T-connect using their email addresses since July 2017 are affected by the leak, according to Gizmodo.
Fortunately, only customers' email addresses and numbers were leaked. Other sensitive information such as costumers' names, phone numbers, and credit card information were not affected, according to Toyota.
As of writing, no cases of misuse of customers' information was reported yet, according to the Japanese automaker. Despite of this, Toyota still warns users that they might receive spam, phishing scams, or unsolicited email messages.
Based on the investigation conducted by security experts, they cannot confirm whether there's a third party access from the access history of the data server.
However, according to Toyota, they cannot completely rule out that there is no third-party access that happened.
In connection with the leak, Toyota sent individual apologies to registered emails of users who are affected by the breach.
The leaking incident happened because a subcontractor, who was a developer for the T-Connect website, accidentally uploaded part of the source code to a GitHub account. And instead of setting to private, it was set to public.
Github is an internet hosting service for developers for version control and collaboration. According to Toyota, setting the code to public is in violation to the carmaker's handling rules.
To better assist the clients, a dedicated call center was also set up by the company to answer questions of customers about the data leak.
In addition, the carmaker also put up a website form where users can check if their email was one of those which are compromised.
Toyota Suffers Cyberattack in the Past
Car apps put users' personal information at risk, according to experts. Researchers at the cybersecurity firm Kaspersky issued a report in May that more than half of these car apps use customers' personal information.
In addition, these car apps do not seek users' consent before using their personal information. The problem is these car apps are vulnerable to security breaches.
This is not the first time that Toyota suffers from a cyberattack. In February, it halted operations of its 14 domestic factories after a supplier of plastic parts and electronic components became a victim of a suspected cyberattack.
The carmaker lost around 13,000 car output because of the incident. While, a spokesperson from Toyota said that it's a "supplier system failure," a spokesperson from Kojima Industries Corp. said that it is some kind of cyberattack.
The production halt of Toyota due to the cyberattack happened as the carmaker is facing supply chain disruptions around the world because by the COVID-19 pandemic. The pandemic forced the company as well as other carmakers to curb its production.
Related Article: Toyota Unveils Details About Its Newest Crown Model - What Is It Like?