An unsecured treasure trove of data used for sales was exposed.
Volkswagen disclosed a data breach impacting over 3.3 million customers. The majority of affected individuals are either current or prospective buyers for Audi vehicles.
163,000 individuals are in Canada, whereas the rest are in the United States.
On Friday, Volkswagen said that a compilation of data that were used for sales and marketing purposes between 2014 and 2019 was left unsecured and exposed online “at some point” between August 2019 and May 2021, although the exact timeline has not been established.
The source of the breach was identified to be an associate vendor but the company has not been named.
Audi and Volkswagen were alerted that “an unauthorized third party” may have accessed this information on March 10.
According to the automaker, the first and last names, mailing addresses, email IDs and phone numbers may have been exposed in the breach, together with information concerning “vehicle[s] purchased, leased, or inquired about,” such as vehicle ID numbers, makes, models, years, and colors.
All the relevant authorities and law enforcement agencies have been informed of the data breach.
The regulators were informed that the majority of records only relate to phone numbers and email addresses, however, around 90,000 Audi customers and potential buyers in the US may have had purchase and lease eligibility data compromised, such as driving license numbers, dates of birth, Social Security numbers, account or loan numbers, and tax identification numbers.
All the impacted individuals whose sensitive data has been exposed will be offered free credit monitoring through an enrollment code.
The company states that those customers who have been notified, but not offered this code, might not have information deemed sensitive compromised and so they must look out for phishing emails or spam based on any of the basic data leaked.
Those who are not direct customers or prospective buyers but involved in the incident will be notified through emails or letters.
In a limited number of cases, an Audi or Volkswagen customer or interested buyer has provided names and contact information for a relative or personal reference to an authorized dealer for purposes of seeking financing of some kind.
Volkswagen has hired external cybersecurity experts to investigate the incident and a help hub has been set up for those who have been impacted by the data breach.