Security Experts:

Volkswagen America Discloses Data Breach Impacting 3.3 Million

Volkswagen Group of America this week revealed that approximately 3.3 million people might have been affected in a data breach that impacted both Audi of America and Volkswagen of America (together VWGoA).

The incident was discovered on March 10, 2021 and a law enforcement investigation was immediately launched into the matter, the auto conglomerate said.

The investigation revealed that a third party gained access to various information gathered between 2014 and 2019 and which was left exposed “at some point between August 2019 and May 2021,” when the source of the leak was identified.

“VWGoA discovered the information at issue included more sensitive personal information on or about May 24, 2021. VWGoA completed the analysis to identify which specific individuals were impacted on or about June 7, 2021,” the company said in a letter to the Maine Attorney General.

[ Related: Auto Insurance Giant GEICO Discloses Data Breach ]

As part of the incident, “limited personal information” on customers and interested buyers in the United States and Canada was accessed, VWGoA says. The data was leaked by a vendor that Audi, Volkswagen, and authorized dealers use.

The exposed data includes names, email and mailing addresses, and phone numbers. In some cases, information on the purchased or leased vehicles was also compromised, including Vehicle Identification Number (VIN), make, model, color, trim packages, and year.

More than 3.3 million individuals were impacted in the incident. According to VWGoA, for “over 97% of the individuals, the exposed information consists solely of contact and vehicle information relating to Audi customers and interested buyers.” 

For roughly 90,000 Audi customers, or individuals interested in making a purchase, the leaked data also includes information on eligibility for a purchase, loan, or lease. In most cases (over 95%), this includes driver’s license numbers.

“A very small number of records include data such as dates of birth, Social Security or social insurance numbers, account or loan numbers, and tax identification numbers,” VWGoA says.

The company is already informing the affected individuals of the data breach. A copy of the letter sent to customers and interested buyers was also filed with the Maine Attorney General’s office.

Related: Auto Insurance Giant GEICO Discloses Data Breach

Related: Oilfield Services Company Gyrodata Discloses Data Breach

Related: Shell Says Personal, Corporate Data Stolen in Accellion Security Incident

view counter