The American division of Volkswagen AG (Volkswagen Group of America, Inc., VWGoA) reported a data breach by one of the third-party vendors working with the automaker in sales and marketing. The leak affected more than 3.3 million customers, most of whom are Audi owners.
A flaw in the third-party company’s system existed from August 2019 to May 2021, and as a result, an unauthorized person gained access to the personal data of customers. The leak was reported by TechCrunch, which received a letter written by representatives of Volkswagen to the Attorney General of Maine.The document says the leak was caused by a third-party vendor who left one of their systems unprotected. VWGoA learned about the problem on March 10 of this year, however, for some reason, it took the vendor two more months to fix their server.
Not all Volkswagen customers were affected by the incident: according to the company, in total were involved 3.3 million people, and more than 97% were Audi owners or people interested in buying such cars.
It is reported that the leak contains the following personal data: name and surname, personal or business mailing address, email address, phone number. In some cases, the above data is also supplemented with information about the car purchased, rented or of interest to the client, including VIN, make, model, year of manufacture, colour and equipment.
VWGoA has already started notifying affected customers. The aforementioned 90,000 people will receive free credit monitoring services and $1,000,000 in identity theft insurance.
Let me remind you that in late April 2021, the District of Columbia Central Police Department reported a hack and possible data leak after screenshots of internal files from the department’s servers were published on the Babuk Locker ransomware website.