The Volkswagen Group of America (VWGoA), a subsidiary of the German Volkswagen Group, recently disclosed a large scale data breach that exposed the personal data of more than three million VW customers.
The incident came about because between August of 2019 and May of 2021, one of VWGoA’s vendors left unsecured data exposed on the internet.
The company was notified by the vendor that an unauthorized person or persons had accessed the unsecured data and may have obtained customer information for people who had purchased an Audi or Volkswagen during that time, in addition to exposing some details on the dealerships where the vehicles were purchased. A forensic analysis revealed that information belonging to 3.3 million customers was exposed, and that 97 percent of those records related to customers of Audi vehicles or interested buyers.
The information in the vulnerable database varies widely from one customer to the next, but generally includes full names, email addresses and phone numbers, and more than 95 percent of the compromised records also included driver’s license numbers.
A small number of exposed customer records, numbering approximately 90,000, also contained social security numbers. For those customers, VWGoA is offering one year of free credit protection and monitoring, and a $1 million insurance policy that protects against identity theft.
VWGoA has also begun the process of notifying all impacted customers. So if you purchased a BMW or Audi during the time frame mentioned above, or if you expressed an interest in doing so, you may be contacted by Vokswagen.
Unfortunately, the database was left exposed for an extended period of time, and there’s no telling how many bad actors may have gained access to it. Right now, security professionals are monitoring the Dark Web in case the data begins appearing there. So far, it has not, but that could happen at any time.