In an instance of an important data breach, Tata Motors has dealt with proximal 70 terabytes of company and customer information that was leaked because of erroneously set cloud manuals.
The carmaker reassured that it has addressed all the identified security weaknesses and did not think any more intruders are active.
What went on and what was revealed
Researchers who specialize in security realized that there had been the exposure of an unsecured cloud store setting owned by Tata Motors.
The data breach was owing to cloud access keys and permissions that gave unwanted access of various large datasets to the public.
Some of the information that was revealed included internal reports, customer records, test drive details, dealership databases and other sensitive documentation.
Despite Tata Motors not publish a list of individual items and affected records, since the level of incident is large, it is one of the most serious among Indian automakers in this year.
Tata Motors in its turn responded. The company rolled over the affected credentials, put the storage buckets on lockdown, and initiated a forensic probe to find out the cause and extent of the exposure.
The carmaker has also reported to regulators in line with the existing data protection regulations and initiated making phone calls to the customers who could have been affected to provide them with instructions on the system of keeping track of their personal data.
Although it is not verified that the bad actors stole data and used it to commit fraud, the incident subjected the cloud infrastructure provided by Tata Motors to unreasonable risk.
The insiders pointed to a set of wide ranging permission settings and the absence of automated monitoring warnings contributions as the cause of the issue, which Tata Motors claimed it was currently enhancing as its mitigation strategy.
The company also focused on the fact that the company is improving its internal operations, such as stricter access control rules, elimination of hard coded credentials, better encryption habits and extensive employee education on cloud security hygiene.
The reputational risk and the regulation implication were enormous in regards to a brand this large as the actual cost of the breach has not been disclosed.
The management of Tata Motors specifically referred to the event as a wake up call to the organization and an overall reminder of how business models and online operations based on clouds should be adjusted to strict security requirements.
The car manufacturer has indicated that it would do everything possible to avoid repeating such a situation in the future and providing more hardened safety to its consumers and stakeholders.
