"Mercedes Benz Data Leak Includes Card and Social Security Details"

Mercedes Benz has released details of a data breach affecting customers and prospective buyers in the US. The luxury carmaker stated that a vendor had informed them on June 11th that information belonging to customers was inadvertently made accessible on a cloud storage platform. It appears that a third-party security researcher first raised the alarm to the vendor. Although the initial investigation was set to discover whether 1.6 million unique records had been exposed, subsequent findings indicated far fewer customers and interested buyers were affected. During the investigation, it was found that the personal information of fewer than 1,000 individuals was compromised. The information leaked was comprised mainly of self-reported credit scores and a minimal number of driver’s license numbers, social security numbers, credit card information, and dates of birth. To view the information, the company stated that one would need knowledge of special software programs and tools and that an internet search would not return any information contained in the exposed files. The individuals affected entered their information on dealer and Mercedes-Benz websites between January 1, 2014, and June 19, 2017. Although it’s unlikely that threat actors managed to locate and access the information, it’s unclear how long it had been exposed for. Mercedes Benz USA confirmed that none of its systems were compromised in the incident and said the issue had been mitigated and can’t happen again.

 

Infosecurity reports: "Mercedes Benz Data Leak Includes Card and Social Security Details"

Submitted by Anonymous on