Tata Motors says it has resolved a set of cybersecurity issues that briefly left sensitive company and customer information accessible online.
Indian automobile manufacturer Tata Motors has confirmed that it has fixed several security vulnerabilities which exposed internal documents as well as personal data belonging to customers and dealers. The security lapses were discovered in the company’s E-Dukaan platform, an online portal used for purchasing spare parts for Tata’s commercial vehicles.

The issue was identified by security researcher Eaton Zveare, who found that the portal’s source code contained private keys granting access to Tata Motors’ cloud storage hosted on Amazon Web Services (AWS). This access allowed visibility into invoices, customer records, and various operational documents.

According to the researcher, the exposed information included hundreds of thousands of customer invoices, which contained names, mailing addresses, and Permanent Account Numbers (PAN)—a government-issued tax identification code in India. Additional files discovered included MySQL database backups and Apache Parquet files containing confidential communications and customer details.

Zveare noted that there were also keys that provided access to more than 70 terabytes of data from Tata Motors’ FleetEdge vehicle tracking service, along with administrative access to internal Tableau dashboards for over 8,000 users. These dashboards reportedly contained internal financial reports, dealer performance evaluations, and corporate analytics.

The researcher said he reported the vulnerabilities to India’s Computer Emergency Response Team (CERT-In) in August 2023, after which Tata Motors began working to secure the affected systems.

In a statement provided to TechCrunch, Sudeep Bhalla, Head of Communications at Tata Motors, confirmed that the company fully addressed the flaws in 2023. However, Tata Motors did not state whether customers whose information may have been exposed were notified.

He added that the company conducts regular cybersecurity audits, maintains access monitoring logs, and collaborates with security researchers to strengthen its defenses.

Tata Motors, headquartered in Mumbai, is one of India’s largest auto manufacturers and has operations in over 125 countries.

Source: Techcrunch