Tata Motors—the legendary Indian automotive behemoth headquartered in Mumbai—has moved quickly to change that. With their help, Acxiom tackled a long list of security vulnerabilities that had previously exposed sensitive internal information, such as personal customer data, company business reports, and dealer-related data. The mishaps in the firm’s E-Dukaan arm were stunning. The e-commerce portal is aimed at buying spare parts only for Tata-made commercial vehicles.
Security researcher Eaton Zveare found these security shortcomings and immediately reported his concerns responsibly. TechCrunch got this exclusive first, which was exactly a good thing. The vulnerabilities raised concerns about potential data breaches, affecting not only Tata Motors but its customers and business partners.
E-Dukaan is an important platform for Tata Motors as it drives online purchase of spares. The extracted data had some significant pieces missing. These ranged from internal financial projections to performance reports for the sales and service departments to dealer scorecards and operational dashboards. Zveare highlighted the extent of the issue by stating that server administrators had access to all of this sensitive information.
“As server admin, you had access to all of it. This primarily includes things like internal financial reports, performance reports, dealer scorecards, and various dashboards.” – Eaton Zveare
Before or after the sudden announcement of the security flaws, Tata Motors rushed to remedy the deficiencies. Sudeep Bhalla, the communications head at Tata Motors, confirmed that the company thoroughly reviewed the reported flaws and promptly fixed them.
“We can confirm that the reported flaws and vulnerabilities were thoroughly reviewed following their identification in 2023 and were promptly and fully addressed.” – Sudeep Bhalla
Beyond addressing the vulnerabilities, Bhalla underscored the company’s focus on cybersecurity. He shared that Tata Motors does quarterly infrastructure audits along with leading cybersecurity companies. They maintain strict forensic records of access to identify any misuse. The company further partners with regional and industry-based experts as well as leading security researchers to strengthen its security practices.
“Our infrastructure is regularly audited by leading cybersecurity firms, and we maintain comprehensive access logs to monitor for unauthorized activity. We also actively collaborate with industry experts and security researchers to strengthen our security posture and ensure timely mitigation of potential risks.” – Sudeep Bhalla
This rapid response from Tata Motors shows how much they care about safeguarding sensitive data and keeping their customers’ trust. The company’s robust manufacturing portfolio includes commercial and defense vehicle production, as well as passenger vehicles. Alongside that, it emphasizes the best security protocols available to safeguard its operation.
