Heimdal
article featured image

Contents:

Last week, Volkswagen Group of America, Inc. (VWGoA) declared that more than 3.3 million customers and interested buyers had their information exposed in a tremendous data breach, that occurred after a vendor exposed unsecured data on the Internet.

The vendor is a company that provides services to Audi, Volkswagen, and some authorized dealers related to digital sales and marketing activities.

This Monday, cybercriminals put the data stolen from the German motor vehicle manufacturer on sale on an infamous hacking forum.

In a data breach notification, the organization declared:

The data included some or all of the following contact information about you: first and last name, personal or business mailing address, email address, or phone number.

In some instances, the data also included information about a vehicle purchased, leased, or inquired about, such as the Vehicle Identification Number (VIN), make, model, year, color, and trim packages.

Source

While this incident is still under investigation, Audi and Volkswagen think approximately 3.3 million individual customers and interested buyers were impacted, with more or less 163,000 individuals living in Canada.

The Audi and Volkswagen Stolen Data on Sale on a Notorious Hacking Forum

On Monday, a known seller of data stolen during data breaches made the Audi and Volkswagen data available to be purchased on a popular hacking forum.

According to a post on the forum, the sold data consists of over 5 million records, with 3,862,231 records being leads and 1,792,278 records in the sales database.

Audi and Volksvagen forum post

Source

According to Motherboard, a hacker that goes by 000 declared that the information included email addresses and Vehicle Identification Numbers (VIN). The attacker also published two samples of the data, which contained full names, email addresses, mailing addresses, and phone numbers.

When contacted, seven of the people included in the samples confirmed that at least one piece of their information published by the cybercriminals was authentic.

The seller, who obtained the data in March 2021 after finding it in an unsecured Azure Blob container, stated it didn’t include any Social Security Numbers nor drivers’ license details and added that she is asking between $4,000 and $5,000 for the whole database.

A Volkswagen representative shared a declaration that addressed the incident but did not include any details about the hacking forum matter. He said that “we cannot comment beyond our public disclosures.”

The carmaker added that the stolen information varied from 2014 until 2019 and that it is informing all those impacted.

Emails or letters are sent to the victims by the company, providing free credit monitoring and warning them that they may receive phishing attacks using the stolen data.

Author Profile

Antonia Din

PR & Video Content Manager

linkedin icon

As a Senior Content Writer and Video Content Creator specializing in cybersecurity, I leverage digital media to unravel and clarify complex cybersecurity concepts and emerging trends. With my extensive knowledge in the field, I create content that engages a diverse audience, from cybersecurity novices to experienced experts. My approach is to create a nexus of understanding, taking technical security topics and transforming them into accessible, relatable knowledge for anyone interested in strengthening their security posture.

Leave a Reply

Your email address will not be published. Required fields are marked *

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE