Audi and Volkswagen suffer a data breach that affects 3.3 million customers in Canada and the United States.
Over 3.3 million Volkswagen and Audi customers and prospective buyers were affected by a data breach. Thousands of sales records were exposed online due to unsecured data.
Most affected individuals purchase Audi vehicles or are considering purchasing them in the near future. There are 163,000 individuals in Canada, while the rest are from the United States.
Most of the sensitive information was comprised of driver license numbers. A small number of records include additional data like dates of birth, Social Security numbers and account numbers.
Volkswagen Customers Data Breached
“Volkswagen Group of America said, an unauthorized third party obtained limited personal information about customers and interested buyers from a vendor that its Audi Volkswagen brands and some U.S. and Canadian dealers used for digital sales and marketing.”
An electronic file that the vendor left unsecured contained information collected for sales and marketing between 2014 and 2019.
Data breaches mostly affect phone numbers and email addresses, the company told regulators. Data may also include information about a purchased, leased, or inquired about vehicle.
Audi Customers Data Breach
“VW said 90,000 Audi customers and prospective buyers had sensitive data impacted relating to purchase or lease eligibility. VW said it will offer free credit protection services to those individuals.”
More than 3.1 million people affected are in the United States.
In a limited number of cases, an Audi or Volkswagen customer or interested buyer provided names and contact information for a relative or personal reference to an authorized dealer for purposes of seeking financing of some kind,” notification partner IDX says.
“Audi and Volkswagen are working with third-party cybersecurity experts to assess and respond to this situation and have taken steps to address the matter with the vendor involved,” the firms say.
Also, emails or letters can be sent to individuals who were not directly affected by the security incident.
Cyber Investigation
The investigation confirmed in early May 2021 that a third party obtained limited personal information received from or about customers and interested buyers from a vendor used by Audi, Volkswagen, and some authorized dealers in the United States and Canada.
This included information gathered for sales and marketing purposes from 2014 to 2019. We believe the data was obtained when the vendor left electronic data unsecured at some point between August 2019 and May 2021, when we identified the source of the incident, said IDX.
Also See: Causes of Data Breach