Mercedes-Benz USA said last week that sensitive personal information pertaining to its customers was inadvertently exposed by a vendor.
The incident, initially disclosed by the affected vendor on June 11, involved more than 1.6 million records, a vast majority of which including names, addresses, email addresses, phone numbers, and some details on purchased vehicles.
However, only “less than 1,000 Mercedes-Benz customers and interested buyers” had what the German luxury carmaker described as “sensitive personal information” impacted.
This information includes self-reported credit scores, along with a small number of credit card details, dates of birth, driver license numbers, and social security numbers.
“To view the information, one would need knowledge of special software programs and tools – an Internet search would not return any information contained in these files,” Mercedes-Benz says.
The company has started notifying those whose additional information was accessible.
The information was exposed on a cloud storage platform that was likely incorrectly configured, but which has since been secured.
“It is our understanding the information was entered by customers and interested buyers on dealer and Mercedes-Benz websites between January 1, 2014 and June 19, 2017,” the company says.
Mercedes-Benz also notes that none of its systems has been compromised as part of the incident and that it has no evidence that any of its files were maliciously misused.