Volkswagen Group of America this week revealed that approximately 3.3 million people might have been affected in a data breach that impacted both Audi of America and Volkswagen of America (together VWGoA).
The incident was discovered on March 10, 2021 and a law enforcement investigation was immediately launched into the matter, the auto conglomerate said.
The investigation revealed that a third party gained access to various information gathered between 2014 and 2019 and which was left exposed “at some point between August 2019 and May 2021,” when the source of the leak was identified.
“VWGoA discovered the information at issue included more sensitive personal information on or about May 24, 2021. VWGoA completed the analysis to identify which specific individuals were impacted on or about June 7, 2021,” the company said in a letter to the Maine Attorney General.
[ Related: Auto Insurance Giant GEICO Discloses Data Breach ]
As part of the incident, “limited personal information” on customers and interested buyers in the United States and Canada was accessed, VWGoA says. The data was leaked by a vendor that Audi, Volkswagen, and authorized dealers use.
The exposed data includes names, email and mailing addresses, and phone numbers. In some cases, information on the purchased or leased vehicles was also compromised, including Vehicle Identification Number (VIN), make, model, color, trim packages, and year.
More than 3.3 million individuals were impacted in the incident. According to VWGoA, for “over 97% of the individuals, the exposed information consists solely of contact and vehicle information relating to Audi customers and interested buyers.”
For roughly 90,000 Audi customers, or individuals interested in making a purchase, the leaked data also includes information on eligibility for a purchase, loan, or lease. In most cases (over 95%), this includes driver’s license numbers.
“A very small number of records include data such as dates of birth, Social Security or social insurance numbers, account or loan numbers, and tax identification numbers,” VWGoA says.
The company is already informing the affected individuals of the data breach. A copy of the letter sent to customers and interested buyers was also filed with the Maine Attorney General’s office.
Related: Auto Insurance Giant GEICO Discloses Data Breach
Related: Oilfield Services Company Gyrodata Discloses Data Breach
Related: Shell Says Personal, Corporate Data Stolen in Accellion Security Incident
More from Ionut Arghire
- CISA, NSA Issue Guidance for IAM Administrators
- Cisco Patches High-Severity Vulnerabilities in IOS Software
- ‘Nexus’ Android Trojan Targets 450 Financial Applications
- ‘Badsecrets’ Open Source Tool Detects Secrets in Many Web Frameworks
- Chrome 111 Update Patches High-Severity Vulnerabilities
- BreachForums Shut Down Over Law Enforcement Takeover Concerns
- Ransomware Will Likely Target OT Systems in EU Transport Sector: ENISA
- Ransomware Gang Publishes Data Allegedly Stolen From Maritime Firm Royal Dirkzwager
Latest News
- CISA, NSA Issue Guidance for IAM Administrators
- Analysis: SEC Cybersecurity Proposals and Biden’s National Cybersecurity Strategy
- Intel Boasts Attack Surface Reduction With New 13th Gen Core vPro Platform
- Cisco Patches High-Severity Vulnerabilities in IOS Software
- ‘Nexus’ Android Trojan Targets 450 Financial Applications
- Tackling the Challenge of Actionable Intelligence Through Context
- Dole Says Employee Information Compromised in Ransomware Attack
- Backslash Snags $8M Seed Financing for AppSec Tech
