On September 17, 2022, the database’s keys were changed, purging all potential access from unauthorized third parties. The announcement explains that customer names, credit card data, and phone numbers have not been compromised as they weren’t stored in the exposed database. Toyota blamed a development subcontractor for the error but recognized its responsibility for the mishandling of customer data and apologized for any inconvenience caused. The Japanese automaker concludes that while there are no signs of data misappropriation, it cannot rule out the possibility of someone having accessed and stolen the data. For this reason, all users of T-Connect who registered between July 2017 and September 2022 are advised to be vigilant against phishing scams and avoid opening email attachments from unknown senders claiming to be from Toyota.
Read more of this story at Slashdot.