Apparently, The source of the data is the Toyota T-Connect application, an app to provide a link to the car from the Smartphone. A part of the application's source code was published in a GitHub repository. The application serves car owners to link their phones with the vehicle's infotainment system or to know the car's status.
This has made it possible for data from practically 300.000 the company's customers between December of 2017 and September of 2022. In the statement, it is explained that customers' bank data has not been compromised, as these are hosted on other systems different from those published on GitHub.
Toyota, for its part, holds a subcontractor responsible for the events and confirms that such a breach did not occur due to a systems intrusion, but it seems to be the result of poor information handling.
These types of incidents can cause significant harm to the affected companies and serious reputational problems.
Fountain: Bleeping Computer