Volkswagen declared that more than 3.3 million customers had their information exposed in a massive data breach, that happened after one of its vendors left a cache of customer data unsecured on the internet.

The carmaker declared in a letter that the vendor, used by Volkswagen, its subsidiary Audi and authorized dealers in the U.S. and Canada had left the customer data spanning 2014 to 2019 unprotected over a two-year window between August 2019 and May 2021.




What Type of Data Was Leaked?

The data was gathered for sales and marketing purposes and contained personal information about customers and prospective buyers.

Volkswagen Group of America, Inc. (VWGoA) is the North American subsidiary of the German Volkswagen Group and is responsible for US and Canadian operations for Volkswagen, Audi, Bentley, Bugatti, Lamborghini, and VW Credit, Inc.

Data breach notifications filed with the California and Maine Attorney General’s office, have disclosed that a vendor left unsecured data exposed on the Internet between August 2019 and May 2021.

In March, the VWGoA was notified by this specific vendor that an unauthorized person managed to access the data and may have obtained the customer information for Audi, Volkswagen, and some authorized dealers.

The VWGoA representatives are stating the fact that the breach involved 3.3 million customers, with over 97% of those affected relating to Audi customers and interested buyers.

It looks like the data breach exposed information ranging from contact details to more sensitive information such as social security numbers and loan numbers.

The data included some or all of the following contact information about you: first and last name, personal or business mailing address, email address, or phone number. In some instances, the data also included information about a vehicle purchased, leased, or inquired about, such as the Vehicle Identification Number (VIN), make, model, year, color, and trim packages.

The data also included more sensitive information relating to eligibility for purchase, loan, or lease. More than 95% of the sensitive data included was driver’s license numbers. There were also a very small number of dates of birth, Social Security or social insurance numbers, account or loan numbers, and tax identification numbers.


For the 90,000 customers who had sensitive data exposed, Volkswagen is providing free credit protection and monitoring services that are including $1 million of insurance against identity theft.

It’s important to also note that VWGoA started to notify affected customers and prospective customers through mail and also says that customers should be on the lookout for suspicious emails, calls, or texts.

Unfortunately, as the Audi and Volkswagen data were left unsecured for such a long period of time, there is no way to know how many people had gained unauthorized access to it, therefore, all communications claiming to be from Audi or Volkswagen should be treated with suspicion, and the victims who had more sensitive data exposed should freeze their credit report in order to make it harder for third parties to perform identity theft.

Heimdal Official Logo
Your perimeter network is vulnerable to sophisticated attacks.

Heimdal® Threat Prevention - Network

Is the next-generation network protection and response solution that will keep your systems safe.
  • No need to deploy it on your endpoints;
  • Protects any entry point into the organization, including BYODs;
  • Stops even hidden threats using AI and your network traffic log;
  • Complete DNS, HTTP and HTTPs protection, HIPS and HIDS;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.

A New Ransomware Group Claims it Breached Over 30 Organizations

A Nine-Year-Long Data Breach was Disclosed by Malaysia Airlines

10 Tips to Keep Your Data Private Online

Leave a Reply

Your email address will not be published. Required fields are marked *