Two Recent Information Security Incidents Resulted Into Exposure of Customer Data
14.12.2023

Here's another roundup of the latest information security incidents you need to know about today.

The first incident we report on involved a subsidiary of a well-known organization. An unauthorized party gained access to the systems of Toyota Financial Services (TFS), the financial arm of Toyota Motor Corporation - one of the world's largest car manufacturers. TFS offers a range of financial products including car loans, leases and insurance solutions.

As a result of the attack, the attacker gained access to the following customer information:

  • Full names
  • Residence addresses
  • Contract information, lease-purchase details
  • IBAN (International Bank Account Number).

The affected parties turned out to be German residents. According to the company spokesperson, all involved customers were notified of the incident.

As a result of the second incident, confidential data, containing sensitive user details and enterprise data leaked from Barcode to Sheet, which is the popular Android app.

The application in question is a barcode scanner that allows users to convert data from barcodes into various formats that can be recognized by spreadsheet applications. It targets e-commerce customers and has over 100,000 downloads on Google Play.

The incident occurred because the application's database was unprotected, exposing the hundreds of MB of data.

The following information was leaked:

  • Product information
  • Reports 
  • Emails 
  • User IDs.

The open server allegedly also stored sensitive application client-side information with access keys and IDs. It is claimed that the Cybernews researchers who discovered the leak have already contacted the developers of Barcode to Sheet, who in turn have said that they are working on a solution to the problem.


Whether the result of criminal activity or simple human error, data leaks never go away and will always result in financial and reputational loss. The good news is that such incidents are preventable. You can try our comprehensive protection against internal threats by clicking here, it's free for the first 30 days.


 

Subscribe to get helpful articles and white papers. We discuss industry trends and give advice on how to deal with data leaks and cyberincidents.