Go Ad-Free
    My Alerts
    Moneycontrol
    Moneycontrol PRO
    HomeTechnologyTata Motors fixes major data leak that exposed customer details, internal reports, and 70TB of company data online

    Tata Motors fixes major data leak that exposed customer details, internal reports, and 70TB of company data online

    Tata Motors fixed major security flaws in its E-Dukaan portal that exposed customer data, invoices, and internal reports. Researcher Eaton Zveare discovered the vulnerabilities, which have since been patched.

    MC Tech Desk
    October 29, 2025 / 13:40 IST
    Tata Motors

    Tata Motors has fixed multiple security loopholes that had exposed sensitive customer information and internal company data online. The issues, discovered by cybersecurity researcher Eaton Zveare, were found in the automaker’s E-Dukaan platform, a digital storefront for ordering spare parts for Tata’s commercial vehicles.

    According to Zveare’s findings shared with TechCrunch, the E-Dukaan web app contained hardcoded private keys for Tata Motors’ Amazon Web Services (AWS) account. This misstep potentially gave anyone access to the company’s cloud storage, where large volumes of confidential data were stored.

    Among the exposed information were hundreds of thousands of invoices, complete with customer names, addresses, and even Permanent Account Numbers (PANs). The leak also included database backups, internal documents, and communication files.

    Even more alarming was the access to over 70 terabytes of data related to Tata’s FleetEdge vehicle tracking software — the same system that collects live data from commercial vehicles. Zveare also found administrator-level credentials for a Tableau analytics dashboard that contained reports on more than 8,000 users, including internal performance and financial data.

    Zveare reported the vulnerabilities to CERT-In, India’s nodal cybersecurity agency, in August 2023. Tata Motors later confirmed that it had taken action to fix the issues and secure the data. “All vulnerabilities were addressed by the end of 2023,” the company told TechCrunch, though it did not specify if affected users were notified.

    Related stories

    Sudeep Bhalla, Head of Communications at Tata Motors, said the company now conducts regular third-party audits and continuously monitors its systems for suspicious activity.

    The incident is another reminder of how even legacy giants are not immune to cloud misconfigurations. In an increasingly digital India, where automotive, financial, and retail services are rapidly moving online, data security isn’t just an IT concern — it’s a brand trust issue.

    Invite your friends and family to sign up for MC Tech 3, our daily newsletter that breaks down the biggest tech and startup stories of the day

    MC Tech Desk Read the latest and trending tech news—stay updated on AI, gadgets, cybersecurity, software updates, smartphones, blockchain, space tech, and the future of innovation.
    first published: Oct 29, 2025 01:40 pm

    Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!

    Subscribe to Tech Newsletters

    • On Saturdays

      Find the best of Al News in one place, specially curated for you every weekend.

    • Daily-Weekdays

      Stay on top of the latest tech trends and biggest startup news.

    Advisory Alert: It has come to our attention that certain individuals are representing themselves as affiliates of Moneycontrol and soliciting funds on the false promise of assured returns on their investments. We wish to reiterate that Moneycontrol does not solicit funds from investors and neither does it promise any assured returns. In case you are approached by anyone making such claims, please write to us at grievanceofficer@nw18.com or call on 02268882347