Mercedes-Benz USA has revealed the “sensitive personal information” of nearly 1,000 customers and potential customers was inadvertently made accessible on a cloud storage platform.
The company didn’t go into many specifics, but said they were tipped off by an external security researcher who presumably came across the information.
The automaker is investigating the incident in cooperation with its vender, and said it believes the information was “entered by customers and interested buyers on dealer and Mercedes-Benz websites between January 1, 2014 and June 19, 2017.” The company went on to say none of their systems were compromised and there is no evidence, at this time, that any of the information was used maliciously.
Also Read: Honda Canada Hacked: 250,000+ Customers Affected By Security Breach
While that’s good news, the automaker noted the files included a “small number of driver license numbers, social security numbers, credit card information and dates of birth.” That’s pretty much an identity theft and credit card fraud starter kit, but Mercedes said someone “would need knowledge of special software programs and tools” to find the information as it wasn’t accessible via a basic internet search. The company added the issue has been fixed and their vendor has ensured them the incident can’t be replicated.
However, it appears approximately 1.6 million records were exposed in total. Mercedes said the “vast majority of these records included information such as name(s), address(es), emails, phone numbers, and some purchased vehicle information.” That being said, the roughly 1,000 records containing sensitive information are far more serious.
Mercedes-Benz USA has already begun notifying individuals whose sensitive information was accessible and stated anyone who had their credit card information, driver’s license number or social security number included in the data will be offered a complimentary 24-month subscription to a credit monitoring service.
