Contents:
It looks like the Mercedes-Benz data breach exposed important information such as credit card information, social security numbers, and driver license numbers of under 1,000 Mercedes-Benz customers and potential buyers.
In order to determine how important was the impact that the data breach created, the company started by assessing 1.6 million customer records which included customer names, addresses, emails, phone numbers, and purchased vehicle information.
What Happened?
At the beginning of June, a Mercedes-Benz vendor informed the company that the personal information of select customers was exposed due to an insufficiently secured cloud storage instance, and according to the company, the breach affected some customers and potential vehicle buyers who had entered sensitive information on Mercedes-Benz company and dealer websites between 2014 and 2017.
On June 11, 2021, a vendor informed Mercedes-Benz that sensitive personal information of less than 1,000 Mercedes-Benz customers and interested buyers was inadvertently made accessible on a cloud storage platform. This confirmation was part of an ongoing investigation conducted in cooperation with the vendor. The issue was uncovered through the dedicated work of an external security researcher. It is our understanding the information was entered by customers and interested buyers on dealer and Mercedes-Benz websites between January 1, 2014 and June 19, 2017. No Mercedes-Benz system was compromised as a result of this incident, and at this time, we have no evidence that any Mercedes-Benz files were maliciously misused.
Data security is a serious matter for MBUSA. Our vendor confirmed that the issue is corrected and that such an event cannot be replicated. We will continue our investigation to ensure that this situation is properly addressed.
The vendor reports that the personal information for these individuals (less than 1,000) is comprised mainly of self-reported credit scores as well as a very small number of driver license numbers, social security numbers, credit card information and dates of birth. To view the information, one would need knowledge of special software programs and tools – an Internet search would not return any information contained in these files.
The vendor who notified Mercedes-Benz of the data breach states that the exposed information included self-reported customer credit scores, driver’s license numbers, Social Security Numbers (SSNs), credit card numbers, and dates of birth belonging to the customers.
Fortunately, it looks like the leaked information from the Mercedes-Benz data breach would not have been searchable on or indexed by a typical search engine.
To view the information, one would need knowledge of special software programs and tools – an Internet search would not return any information contained in these files.
After reviewing 1.6 million unique customer records, it was determined that under 1,000 customers have had their “additional” personal information exposed via publicly accessible cloud storage solution, and the company is now contacting all the affected individuals in regards to this incident.
Any individual who had credit card information, a driver’s license number, or a social security number included in the data will be offered a complimentary 24-month subscription to a credit monitoring service. We will also notify the appropriate government agencies.
Not the First Automotive Giant to Suffer a Data Breach
Recently Volkswagen disclosed as well that it was the victim of a massive data breach, that happened after one of its vendors left a cache of customer data unsecured on the internet.
In this specific incident, the personal data of 3.3 million prospective and actual Audi customers were exposed on an unnamed third-party vendor’s database.