Toyota customers in Italy may have had their personal data compromised after an extensive base containing the accounting data of Salesforce Marketing Cloud, a software supplier and services for automation of digital marketing, was made available on the official Toyota website. Attackers could access phone numbers and email addresses of customers and use the company’s official communication channel to communicate with them. Researchers from Cybernews said that the leak is significant because attackers could use it to launch sophisticated phishing campaigns where they would have access to the official Toyota communication channels and control them, making it more likely that victims would fall for an attack.
Toyota revealed that the leak was not caused by human error, but by a targeted security disorder in one of the company’s Italian offices. The automaker has implemented all necessary cybersecurity measures to mitigate the effects of the leak and prevent further incidents. However, this appears to be part of a broader trend. Researchers from Cybernews also noticed the same database on the Italian website of German car manufacturer BMW in early March. Moreover, Hyundai recently revealed that personal data of its customers was compromised after a security lapse at the company’s Italian and French offices. The compromised information includes phone and email addresses and physical addresses of customers.
Although no evidence exists that the compromised data has been used for fraudulent purposes, Hyundai has recommended that its customers be vigilant and check any attempts to contact them via email or SMS. All three automakers, Toyota, BMW, and Hyundai, appear to have been affected by similar security violations that have targeted their Italian customers. It is possible that a common local partner or service provider is involved in these leaks, and investigations are ongoing. Further leaks from other major car concerns with offices in Italy are anticipated, and the situation continues to be monitored.