Toyota Italy has suffered a data leak, accidentally exposing sensitive information for more than a year and a half until March this year. The leak left the company’s vast pool of customers in Italy vulnerable to phishing attacks, with attackers having access to Toyota clients’ phone numbers and email addresses.
It has been discovered that the company exposed credentials to Salesforce Marketing Cloud, which provided digital marketing automation and analytics software and services. Toyota Italy also exposed software company Mapbox’s application programming interface (API) tokens, used to query map data.
“An additional set of countermeasures have been put in place to restore and strengthen our cybersecurity systems and protocols. We have reported this risk of exposure of privacy data to the relevant Italian authorities and are fully cooperating with the ongoing investigation. Toyota takes this case, and cybersecurity in general, very seriously. We are taking this opportunity to learn from the findings to further upgrade the robustness of our cybersecurity systems and protocols to prevent a recurrence of similar incidents.”Toyota
While not as sensitive as the Salesforce Marketing Cloud credentials, attackers could exploit this data to query a lot of requests and rack up the cost for API usage for Toyota. Cybernews has contacted the car manufacturer, and at the time of writing, the dataset has been secured.
Toyota Italy has assured the public that it has taken measures to strengthen its cybersecurity systems and protocols.