Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Mercedes-Benz USA Says Vendor Exposed Customer Information

Mercedes-Benz USA said last week that sensitive personal information pertaining to its customers was inadvertently exposed by a vendor.

Mercedes-Benz USA said last week that sensitive personal information pertaining to its customers was inadvertently exposed by a vendor.

The incident, initially disclosed by the affected vendor on June 11, involved more than 1.6 million records, a vast majority of which including names, addresses, email addresses, phone numbers, and some details on purchased vehicles.

However, only “less than 1,000 Mercedes-Benz customers and interested buyers” had what the German luxury carmaker described as “sensitive personal information” impacted.

This information includes self-reported credit scores, along with a small number of credit card details, dates of birth, driver license numbers, and social security numbers.

“To view the information, one would need knowledge of special software programs and tools – an Internet search would not return any information contained in these files,” Mercedes-Benz says.

The company has started notifying those whose additional information was accessible.

The information was exposed on a cloud storage platform that was likely incorrectly configured, but which has since been secured.

“It is our understanding the information was entered by customers and interested buyers on dealer and Mercedes-Benz websites between January 1, 2014 and June 19, 2017,” the company says.

Advertisement. Scroll to continue reading.

Mercedes-Benz also notes that none of its systems has been compromised as part of the incident and that it has no evidence that any of its files were maliciously misused.

Related: Volkswagen America Discloses Data Breach Impacting 3.3 Million

Related: UK Law Firm Gateley Discloses Data Breach

Related: Japanese Ministries Confirm Impact from Fujitsu Data Breach

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

CISO Conversations

SecurityWeek talks to Billy Spears, CISO at Teradata (a multi-cloud analytics provider), and Lea Kissner, CISO at cloud security firm Lacework.

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to Outlook.com and Exchange Online.

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Data Protection

While quantum-based attacks are still in the future, organizations must think about how to defend data in transit when encryption no longer works.