Volkswagen has disclosed a data breach affecting more than 3.3 million people, mostly customers or potential buyers of Audi vehicles. 163,000 people are in Canada, while the rest are in the United States.
Last Friday, the automaker explained that a database used for sales and marketing purposes between 2014 and 2019 was left unsecured and exposed online “at some point” between August 2019 and May 2021. The dates specific events were not specified.
A supplier behind the data breach
On March 10, Audi and Volkswagen were warned that an “unauthorized third party” had gained access to this information. An associated vendor has been identified as the source of the data breach, but the company has not been named.
Volkswagen indicates that first and last names, personal and / or professional postal addresses, e-mail addresses and telephone numbers may have been exposed, as well as information concerning “vehicles purchased, rented or subject to a request. information ”, such as vehicle identification numbers, makes, models, years and colors.
Volkswagen has informed the relevant authorities and law enforcement authorities of this data breach.
Sensitive data exposed
Reuters reports that regulators were told the majority of the data in question involved phone numbers and email addresses. Nonetheless, he adds that the purchase and rental information of about 90,000 Audi customers and potential buyers in the United States could have been compromised, including driver’s license numbers, dates of birth, security numbers. social security, account or loan numbers and tax identification numbers.
People whose sensitive data has been exposed will be offered free monitoring, via a code sent by email. People who are aware, but who have not received a code, have not had their sensitive information compromised. However, they must remain vigilant in the face of phishing emails or spam based on the master data that has been disclosed.
Emails or letters may also be sent to those affected by the security incident who were not direct customers or potential buyers. “In a limited number of cases, an Audi or Volkswagen customer or an interested buyer has provided the names and contact details of a relative or a personal reference to an authorized dealer for the purpose of seeking financing of some kind,” the IDX notification partner.
Investigation in progress
Volkswagen says external cybersecurity experts have been mobilized to investigate the incident.
“Audi and Volkswagen are working with third-party cybersecurity experts to assess and respond to the situation, and have taken steps to resolve the issue with the relevant supplier,” the companies say.
A help center has been set up by IDX for people who believe they have been affected by the data breach.
Source: .com
