AutoBeta(AutoBeta.net)09/17 Report--

According to media reports, the Mazda server was illegally accessed by external attackers, and about 104732 pieces of personal information managed by the company, including the names and phone numbers of its employees and partners, may have been leaked.

On September 15, Mazda issued a statement saying that Mazda's server had been illegally accessed by external attackers, which could lead to the disclosure of some personal information. However, Mazda stressed that the illegally accessed server does not store any customer personal information, this part of the information is not disclosed. The company apologizes for the inconvenience and concern that this incident may cause to relevant personnel.

In addition, Mazda said that according to the investigation results of external security experts, it was confirmed that the unauthorized access was carried out by exploiting vulnerabilities in the company's installed application server. the personal information that may be leaked include the company and group employees, subcontractor employees, business partners, including name, email address, department and position, telephone number, and so on.

The incident began on Sept. 6, when a netizen in Ningbo, Zhejiang Province revealed that when browsing Mazda's official website online, the website automatically jumped to pornographic pages, which were full of porn-related movies and TV dramas. The video exposed by the network shows that the netizen clicked on the "FAW Mazda" page. A reporter interviewed Mazda (China) Enterprise Management Co., Ltd. by telephone, and the staff replied that they would verify the matter with the IT department and record relevant information, and the results of the investigation would be fed back to the reporter. In the afternoon, Changan Mazda customer service staff said that Changan Mazda has been merged with FAW Mazda, the original FAW Mazda official website is no longer used, do not rule out the embezzlement.

In the evening, Mazda issued a statement saying that there was an illegal website posing as "Changan Mazda" official website, and the company immediately reported to the public security organs and reported the situation to the search platform. At that time, Changan Mazda also awakened everyone in the statement to accurately identify, beware of illegal web site deception, and jointly maintain the network environment.

Mazda said in the statement that the company needed time to determine the extent of the impact during the investigation by external security experts, so the company apologized for the delay in issuing the announcement. The company has reported the matter to the police and made the necessary report to the personal Information Protection Committee. Mazda promised to take all possible measures to prevent similar incidents from happening again.

It should be noted that at present, the automobile industry is entering a new era of intelligent network connection, and more cars are endowed with intelligent and interconnected characteristics, and as intelligent network connection vehicles have become the development trend of the automobile industry, user data security has also become the focus of attention. Whether it is an enterprise or an individual, the disclosure of user data will bring huge losses.

And Mazda is not the first auto company in the automotive industry to have an information leak. In May, Toyota said the vehicle data of about 2.15 million users in Japan was at risk of being leaked due to missettings in the cloud environment, including the identification number and location of the vehicle equipment. In addition, in the same month, Tesla also attracted widespread market attention because of the internal employee data disclosure incident, which affected 75000 people, including employee-related records, and the incident originated from "internal employee misconduct." Tesla sent a copy of a letter with a notice of data disclosure to those affected in August: "Foreign media (German business newspaper) informed Tesla on May 10, 2023. It said it had obtained confidential information about Tesla. The investigation showed that two former Tesla employees violated the company's IT security and data protection policy, embezzled the information and shared it with the media (German Business Daily). "

Welcome to subscribe to the WeChat public account "Automotive Industry Focus" to get the first-hand insider information on the automotive industry and talk about things in the automotive circle. Welcome to break the news! WeChat ID autoWechat