Recently, the American division of Volkswagen AG (Volkswagen Group of America, Inc., VWGoA) warned of a customer data breach by a third-party vendor working with the car producer on sales and marketing.
The leak was reported to have affected more than 3.3 million customers, most of whom are Audi owners.A flaw in the third-party company’s system existed from August 2019 to May 2021, and the data was presumably stolen from an unsecured Azure BLOB container.
The automaker reported that the leak contains the following personal data: name and surname, personal or business mailing address, email address, phone number.
What is worse, the data for approximately 90,000 Audi customers and interested buyers was more complete, including driver’s license numbers, dates of birth, social security numbers, bank accounts, and tax identification numbers.
Bleeping Computer reports that now, on June 14, on a popular hacker forum, a well-known vendor of stolen data on the darknet put up the information stolen from VWGoA for sale. The hacker claims that the dump contains more than 5,000,000 records, of which 3,862,231 records are data of potential customers, and 1,792,278 records are data of car owners.
The attacker assesses the cost of the dump between $4,000 and $5,000 for all entries, but claims there are no social security numbers in the database.
The publication notes that for $1,000, the same hacker is selling a database of an unnamed VPN provider that owns several Android apps on the Google Play store. In addition, the culprit claimed responsibility for the recent data breach from the popular recipe site Copy Me That.
VWGoA has already started notifying affected customers. 90,000 people will receive free credit monitoring services and $1,000,000 in identity theft insurance.
As we said, Air India reports data leak of 4.5 million passengers.