Mercedes-Benz USA has recently reported a data breach that involved the sensitive data of some of its customers which was exposed to threat actors for a period of over three years.

Mercedes-Benz Data Breach:

On the 11th of June, Mercedes-Benz USA was notified of the incident by a vendor, stating that the data was unintentionally provided access on a platform that gives cloud storage.  

According to the press release by Mercedes-Benz USA made on June 24th, this was after an external security expert was able to detect the error.

Investigations of the data breach:

Subsequently, an investigation was initiated for the exposed database and it was found that data of around 1,000 customers of the carmaker which included existing as well as potential customers, was exposed. 

The data “is comprised mainly of self-reported credit scores as well as a very small number of driver license numbers, social security numbers, credit card information, and dates of birth”, said Mercedes-Benz USA.

“It is our understanding the information was entered by customers and interested buyers on dealer and Mercedes-Benz websites between January 1, 2014, and June 19, 2017.”

According to the automobile manufacturer, the data vendor, who manages the digital sales and marketing activities for MB customers and interested buyers, has confirmed that the issue has been investigated and resolved and they would look into it that such an incident does not occur again. 

The organization has also affirmed that no Mercedes-Benz systems were affected due to the data breach. “At this time, we have no evidence that any Mercedes-Benz files were maliciously misused,” stated Mercedes-Benz.

It was also provided that even though the data was exposed, it could only be accessed by someone who would know their way around with their systems’ software programs and tools.

“An internet search would not return any information contained in these files” it noted.

Mercedes-Benz USA said it has already begun notifying individuals and will notify relevant government agencies in due course.

Anyone whose credit card information, driver’s license number, or Social Security Number was potentially exposed will be offered a complimentary 24-month subscription to a credit monitoring service, it added.