Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

Volkswagen America Discloses Data Breach Impacting 3.3 Million

Volkswagen Group of America this week revealed that approximately 3.3 million people might have been affected in a data breach that impacted both Audi of America and Volkswagen of America (together VWGoA).

Volkswagen Group of America this week revealed that approximately 3.3 million people might have been affected in a data breach that impacted both Audi of America and Volkswagen of America (together VWGoA).

The incident was discovered on March 10, 2021 and a law enforcement investigation was immediately launched into the matter, the auto conglomerate said.

The investigation revealed that a third party gained access to various information gathered between 2014 and 2019 and which was left exposed “at some point between August 2019 and May 2021,” when the source of the leak was identified.

“VWGoA discovered the information at issue included more sensitive personal information on or about May 24, 2021. VWGoA completed the analysis to identify which specific individuals were impacted on or about June 7, 2021,” the company said in a letter to the Maine Attorney General.

[ Related: Auto Insurance Giant GEICO Discloses Data Breach ]

As part of the incident, “limited personal information” on customers and interested buyers in the United States and Canada was accessed, VWGoA says. The data was leaked by a vendor that Audi, Volkswagen, and authorized dealers use.

The exposed data includes names, email and mailing addresses, and phone numbers. In some cases, information on the purchased or leased vehicles was also compromised, including Vehicle Identification Number (VIN), make, model, color, trim packages, and year.

More than 3.3 million individuals were impacted in the incident. According to VWGoA, for “over 97% of the individuals, the exposed information consists solely of contact and vehicle information relating to Audi customers and interested buyers.” 

Advertisement. Scroll to continue reading.

For roughly 90,000 Audi customers, or individuals interested in making a purchase, the leaked data also includes information on eligibility for a purchase, loan, or lease. In most cases (over 95%), this includes driver’s license numbers.

“A very small number of records include data such as dates of birth, Social Security or social insurance numbers, account or loan numbers, and tax identification numbers,” VWGoA says.

The company is already informing the affected individuals of the data breach. A copy of the letter sent to customers and interested buyers was also filed with the Maine Attorney General’s office.

Related: Auto Insurance Giant GEICO Discloses Data Breach

Related: Oilfield Services Company Gyrodata Discloses Data Breach

Related: Shell Says Personal, Corporate Data Stolen in Accellion Security Incident

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...