In the latest developments, Volkswagen America has reported a data breach attack that impacted more than 3.3 million customers’ private data.

Volkswagen data breach compromises sensitive customer data:

Reportedly, Volkswagen noted that it was their American branch that was collaborating with a third party vendor for sales and marketing purposes which was hacked and left its subsidiary Audi and authorized dealers in the U.S. and Canada customer data unprotected.

The Volkswagen customer data spanning 2014 to 2019 was hacked over a two-year window between August 2019 and May 2021.

Investigation of the data breach provides that the Volkswagen America vendor was hacked as a result of one of their servers staying unsecured online.

The automobile said that they came to know of the data breach on March 10. Taking subsequent action, the third-party vendor of the automobile manufacturer toiled two months to take appropriate measures and secure its server.

Volkswagen notes that the data breach did not impact all of its customers in the same fashion.

Seemingly, most of the customers whose data was compromised were Audi car owners while the automobile manufacturer provides that for certain customers, sensitivity was definitely exposed. Some customers were less critically compromised since less personal data stored on the hacked server of the third-party vendor. 

The data, which the car manufacturer said was gathered for sales and marketing, included private data about customers and prospective buyers, including their names, postal and email IDs, and phone numbers.

Also read,

However, more than 90,000 customers across the U.S. and Canada also had more sensitive data exposed, including information relating to loan eligibility. Volkswagen stated that the limited amount of sensitive data that was exposed also included driver’s license numbers as well as dates of birth and Social Security numbers.

What does the automobile manufacturer say?

Volkswagen provided the details of the customer data breach in its Main OAG letter stating the following:

“For over 97% of the individuals, the exposed information consists solely of contact and vehicle information relating to Audi customers and interested buyers, including some or all of the following contact information: first and last name, personal or business mailing address, email address, or phone number. In some instances, the data also includes information about a vehicle purchased, leased, or inquired about, such as the Vehicle Identification Number (VIN), make, model, year, color, and trim packages.

For approximately 90,000 Audi customers or interested buyers, the data also includes more sensitive information relating to eligibility for a purchase, loan, or lease. Nearly all of the more sensitive data (over 95%) consists of driver’s license numbers. A very small number of records include data such as dates of birth, Social Security or social insurance numbers, account or loan numbers, and tax identification numbers.”

Ongoing investigations:

The automobile manufacturer has also been working in coordination with the concerned law authorities and security experts to study the reach of the data breach attack.

Since investigations still underway, details of the Volkswagen data breach remain yet unclear, thereby giving rise to concerns as to whether the hacked data had been downloaded and mal-utilized by malicious entities.