Automaker Toyota has revealed that personal information of nearly 300,000 customers may have been exposed since July 2017.
In a statement, the car maker said that e-mail addresses and customer management numbers of some customers who subscribe to “T-Connect” have been leaked.
In total, 296,019 cases were found to have been leaked.
“We sincerely apologise for causing great inconvenience and concern to our customers,” the company said.
In addition, the personal information that may be leaked is the e-mail address and customer management number, and “other information such as name, phone number, credit card, etc. is not affected,” it added.
From December 2017 to September 15, 2022, a third party was able to access part of the company’s source code on GitHub.
“It was discovered that the published source code contained an access key to the data server, and by using it, it was possible to access the e-mail address and customer management number stored in the data server,” said Toyota.
The source code was made private on GitHub, and on September 17, “we changed the access key for the data server, etc., and no secondary damage has been confirmed”.
Toyota is now individually sending an apology and notification to the registered email address of any customer whose email address or customer management number may have been leaked.
It said that the incident was caused by the inappropriate handling of the source code by the development contractor company.
“At this time, we have not confirmed any unauthorised use of personal information related to this matter, but it is possible that spam e-mails such as ‘spoofing’ or ‘phishing scams’ using e-mail addresses may be sent,” said Toyota.