One more victim of MOVEit application vulnerability and exposure of data on 260,000 car owners

15.06.2023

It’s time to review some of the major data related incidents that have occurred recently.

Let's start with Prudential, the multinational insurance company. The company representatives revealed details about cybersecurity attack on two of its subsidiaries in Malaysia. It was revealed, that the incident was caused by the MOVEit data theft attack. A few organizations have already fallen victims to this attack, which exploits a critical security vulnerability in a popular corporate file transfer tool. Recently, we reported another case of the MOVEit massive data leak which caused theft of personal data from over 100,000 employees. This time, it is highly likely that the personal data of both Prudential's agents and their customers was affected by the data theft.

It is assumed, that the following information has been affected:

•    Bank account 
•    Partial credit card information
•    National identification number
•    Name
•    Contact number.
 

Prudential officials states that it company’s employees in charge regularly examine and update its protective systems, that’s why the company's response to the incident was rapid.
Now let’s move on to another resonant incident. Just two weeks after investigating a breach that resulted into exposure of data on 2.15 million customers, Japanese car manufacturer Toyota Motors Corporation has discovered another data leak.

Due to the Toyota Connected (TC) cloud misconfiguration some data was exposed and could have been potentially obtained by third parties. Overall, data on 260,000 car owners in Japan was exposed. The data compromised included car navigation data, including in-vehicle device IDs, map data updates, and updated data creation dates. 

However, luckily, the exposed data could not identify the affected individuals or compromise internal car systems. The company representatives also claim that no evidence of the data misuse by third parties has been obtained.