The world’s biggest carmaker on Friday (Oct. 7) apologized for a breach apparently caused by a third-party vendor that is thought to have leaked close to 300,000 email addresses and associated customer management numbers.
Toyota Motor announced on its website that email addresses and associated customer management numbers for 296,019 subscribers to the Japanese carmaker’s Toyota Connect (T-Connect) mobile app were “mistakenly” leaked through a subcontractor, according to a statement issued by the company.
Customers affected had registered their email addresses on the T-Connect app as of July 2017, according to the notice. The app connects customers to their vehicles through smartphones.
See also: Toyota Taps Stripe to Help Auto Repair Shops
The carmaker is sending individual apologies along with notifications to registered emails of anyone breached. The company also set up a dedicated call center to answer questions about the breach and has a website form so people can check to see if their email was compromised.
The incident occurred after an unnamed subcontractor who was a developer for the T-Connect website reportedly uploaded part of the source code to a GitHub account and set it to public instead of private, according to multiple media reports.
Github is an internet hosting service for developers for version control and collaboration. Setting the code to public violates Toyota’s handling rules, the carmaker said.
Read more: AI Brings Your Car Into the Conversation
Toyota said the incident did not include the exposure of any sensitive information, such as users’ names, phone numbers, or financial data. There is the possibility of victims’ email addresses being used for phishing scams and unsolicited messages.
This is not the first time Toyota fell victim to a cyber attack. A February ransomware attack on a supplier in February forced the carmaker to halt production at 14 plants in Japan.