Security Experts:

Connect with us

Hi, what are you looking for?


Cloud Security

Mercedes-Benz USA Says Vendor Exposed Customer Information

Mercedes-Benz USA said last week that sensitive personal information pertaining to its customers was inadvertently exposed by a vendor.

Mercedes-Benz USA said last week that sensitive personal information pertaining to its customers was inadvertently exposed by a vendor.

The incident, initially disclosed by the affected vendor on June 11, involved more than 1.6 million records, a vast majority of which including names, addresses, email addresses, phone numbers, and some details on purchased vehicles.

However, only “less than 1,000 Mercedes-Benz customers and interested buyers” had what the German luxury carmaker described as “sensitive personal information” impacted.

This information includes self-reported credit scores, along with a small number of credit card details, dates of birth, driver license numbers, and social security numbers.

“To view the information, one would need knowledge of special software programs and tools – an Internet search would not return any information contained in these files,” Mercedes-Benz says.

The company has started notifying those whose additional information was accessible.

The information was exposed on a cloud storage platform that was likely incorrectly configured, but which has since been secured.

“It is our understanding the information was entered by customers and interested buyers on dealer and Mercedes-Benz websites between January 1, 2014 and June 19, 2017,” the company says.

Mercedes-Benz also notes that none of its systems has been compromised as part of the incident and that it has no evidence that any of its files were maliciously misused.

Related: Volkswagen America Discloses Data Breach Impacting 3.3 Million

Related: UK Law Firm Gateley Discloses Data Breach

Related: Japanese Ministries Confirm Impact from Fujitsu Data Breach

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.

Cloud Security

Orca Security published details on four server-side request forgery (SSRF) vulnerabilities impacting different Azure services.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.