German automaker Volkswagen (opens in new tab) has announced that the information of more than 3.3m of its customers has been exposed online after one of its vendors failed to secure a collection of customer data.
In a notice of data breach (opens in new tab) obtained by TechCrunch (opens in new tab), the company explained that the vendor in question is used by Volkswagen, its subsidiary Audi and authorized dealers throughout the US and Canada.
The customer data, which spans from 2014 to 2019, was left unprotected online over the course of a two-year window from August 2019 until May 2021. While Volkswagen hasn't named the vendor responsible, it's likely the case that they exposed the data by leaving it in an unsecured database (opens in new tab).
- We've put together a list of the best identity theft protection (opens in new tab) services
- These are the best endpoint protection software (opens in new tab) solutions available
- Keep your devices virus free with the best malware removal software (opens in new tab)
Based on the information in the data breach notice, an unauthorized third party first accessed the data in March after which point Volkswagen launched an investigation into the matter. However, the company is just informing customers regarding the situation now as in May, it was able to confirm that sensitive personal information was also included in the incident.
Exposed customer data
The exposed data, collected on customers for sales and marketing purposes, contains personal information (opens in new tab) about Volkswagen customers and prospective buyers including their names, addresses, emails and phone numbers.
However, over 90,000 of the company's customers in the US and Canada also had some of their sensitive data exposed including information related to their loan eligibility status. According to the data breach notification, most of the sensitive data was driver's license numbers though a small number of records also including customers' birth dates and Social Security numbers (opens in new tab).
At this time, it's still unclear as to whether or not the exposed customer data has been misused by the unauthorized third party that was able to gain access to it.
Thankfully, Volkswagen has partnered with the consumer privacy platform IDX to provide customers whose data was exposed with identity theft protection (opens in new tab) which includes two years of credit and CyberScan monitoring. We'll likely find out more regarding what happened once law enforcement finishes its investigation.
- We've also rounded up the best antivirus (opens in new tab)
Via TechCrunch (opens in new tab)