Tata Motors has confirmed that over 70 terabytes (TB) of sensitive data were exposed due to security flaws in its digital systems. The leak, which included customer details, dealer records, and internal financial data, was discovered after cybersecurity researcher Eaton Zvere identified multiple weaknesses in the company’s online platforms. The auto major acknowledged that vulnerabilities existed in its systems but clarified that all issues had been addressed by the end of 2023.
E-Dukaan and FleetEdge Found Vulnerable
According to the researcher’s findings, the company’s E-Dukaan e-commerce portal had stored its Amazon Web Services (AWS) access keys in plain text within the website’s public source code, a basic yet serious error in key management. This exposed confidential data such as customer invoices, personal details, and PAN numbers. Similarly, the FleetEdge fleet management platform was found to have weak encryption keys that could be easily decoded, leaving vehicle tracking and operational intelligence data since 1996 open to access. A separate flaw in Tata Motors’ Tableau analytics dashboard allowed unauthorized logins without a password, compromising financial and dealer reports.
Also Read: Legacy Brand ‘Tata Motors’ Assigned to Commercial Vehicle Division After Restructuring
Company Acted After CERT-In Notification
Researcher Eaton Zvere reported the vulnerabilities to CERT-In (Indian Computer Emergency Response Team) in August 2023, following which Tata Motors initiated a full-scale review of its digital infrastructure. Sudeep Bhalla, Head of Corporate Communications at Tata Motors, confirmed that the company took immediate corrective action. “All identified weaknesses were thoroughly reviewed and fixed in 2023. We now maintain continuous monitoring and conduct regular third-party security audits,” Bhalla said.
Also Read: CM Hemant Soren Met Tata Motors Team on Hydrogen, EV Plans
Cyber Vigilance Now a Corporate Priority
The incident has reignited discussions around data protection practices among India’s large corporations, especially those with growing digital footprints. Industry experts say that even minor lapses, such as unsecured access keys or weak encryption, can lead to massive data exposure in interconnected systems. Tata Motors’ case serves as a reminder that cybersecurity in the automotive sector must evolve alongside its rapid digital transformation. The company has since upgraded its monitoring framework to detect anomalies in real-time, aiming to prevent a recurrence of such breaches.
Also Read: Tata Motors Handed Over LP Trim Line to Women Workforce
Join the WhatsApp Group of Business Jharkhand to Stay tuned for all the latest updates of industrial-political developments in Jharkhand.
