Volkswagen: Security breach exposes contact details of 3.3 million customers |
After a provider exposed unprotected data online, Volkswagen suffered a data breach that affected 3.3 million customers.
The Volkswagen Group is a subsidiary of the Volkswagen Group in North America. It is responsible for the Volkswagen, Audi, Bentley, Bugatti and Lamborghini businesses in the USA and Canada.
Volkswagen has announced that a vendor disclosed unprotected data online between August 2019 and May 2021, according to a privacy breach notice filed with the California and Maine attorney generals' offices.
On March 20, VWGoA received a notice from the seller that an unauthorized person had accessed the data and may have received customer information from Audi, Volkswagen and some authorized dealers.
According to VWGoA, 3.3 million customers have been affected by the infection. More than 97% of those affected relate to Audi customers and potential buyers.
The data disclosed varies from customer to customer. But it can range from contact details to more sensitive information like Social Security numbers and credit numbers.
The data includes all or part of the following contact information: name, personal or professional mailing address, e-mail address or telephone number.
Some of the data also contains information about buying or renting a car. Such as vehicle identification number, model, year, color and parts packaging.
Annoying vulnerabilities from Volkswagen:
The data also contains more sensitive information about eligibility for purchases, loans or rentals. Driver's license numbers are over 95% of sensitive data.
There are also a few birth dates, Social Security numbers, insurance numbers, account or loan numbers, and tax numbers.
For the 90,000 customers whose most sensitive information has been exposed, Volkswagen offers free credit protection and monitoring services, including $1 million in identity theft insurance.
VWGoA has begun notifying affected customers and prospects via email. Remind customers of suspicious emails, calls or texts.
Since data from Audi and Volkswagen has long been unprotected, there is no indication of how many people have gained unauthorized access.
Therefore, any communications purported to be from the company must be suspicious. Mostly emails or SMS.
However, it was not clear from the letter from Volkswagen whether the company had any indications of abuse of the seller's data disclosure.