Tata Motors Fixes Cloud Security Flaws That Exposed Customer And Corporate Data
In Focus
- Tata Motors data breach confirmed with major security flaws now resolved
- The cloud credentials leak traced to hard-coded AWS keys in the E-Dukaan spare-parts portal
- Tata Motors data breach exposed 70 TB customer data, including personal records and internal business dashboards
In a major development for automotive enterprises and digital B2B operations, Tata Motors has confirmed it addressed a series of security vulnerabilities that resulted in the exposure of both internal company and customer information. According to a report by TechCrunch, the incident stems from a cloud access issue tied to a public-facing portal.
What Caused The Exposure And How It Was Fixed?
The process of the exposure began with hard-coded Amazon Web Services credentials embedded in the source code of Tata Motors “E-Dukaan” spare-parts e-commerce portal, which services its commercial vehicle business.
This mis-configuration allowed access to corporate cloud-storage buckets, dashboards and operational data. On 26 September, 2025, A major cybersecurity incident emerged in India, as a India Bank data breach exposed sensitive financial records belonging to Indian businesses and individual customers.
Once the credentials were exposed, more than 70 terabytes of data were reportedly accessible. This included customer invoices with names, addresses and Permanent Account Numbers (PANs), internal financial and dealer-performance dashboards, and fleet-tracking records.
Tata Motors communications head Sudeep Bhalla, as stated by TechCrunch – “We can confirm that the reported flaws and vulnerabilities were thoroughly reviewed following their identification in 2023 and were promptly and fully addressed.” The company reported the fixes had been implemented in 2023, although it did not specify whether or when affected customers were notified of the incident.
- Exposure route: hard-coded AWS keys in a public portal
- Data impacted: customer PII, internal dashboards, dealer and fleet data
- Remediation: review and fixes in 2023, but customer-notification timeline unclear
What Matters Most?
- The root cause was a cloud credential mis-configuration via a portal code base.
- The breach’s volume and scope make it one of the larger recent manufacturing-sector exposures.
- Remediation is confirmed, but the transparency around customer notification remains incomplete.
Strategic Outlook For The Industry
The Tata Motors incident drives home the fact that as manufacturers increasingly integrate digital and supply-chain services across geographies, the attack surface broadens significantly. Recently, Salesforce has faced a data breach where hackers threaten to leak 1 billion records of its customers.
The operational footprint of Tata Motors, global manufacturing, commercial-vehicle service networks, digital parts-ordering, connected-fleet data, magnifies the risk when seemingly simple security mis-steps occur.
Enterprises should consider:
- Conduct third-party audits of cloud access and public portal code.
- Expand data-asset visibility to include dealer and fleet information.
- Maintain clear, compliant incident-notification procedures.
- Enforce strong cloud-security hygiene and credential controls.
Final Observations
The resolution of the Tata Motors data breach incident marks an important milestone for enterprise risk management in industrial sectors. It reinforces that the Tata Motors data breach, and its associated Tata Motors customer data exposure and Tata Motors cloud credentials leak, were precipitated by a gap in cloud-credential governance. This gap exposed more than 70 terabytes of data.
Manufacturing organizations transforming into digital service providers must view cybersecurity not as a tertiary function but as a core operational imperative for business resilience and partner trust.
