If you shared personal information with Mercedes-Benz between January 2014 and June 2017, your data may have been exposed. This week, the German automaker reported the initial findings of its investigation regarding the breach after a vendor raised the alarm on June 11 of this year.
While Mercedes-Benz says “no Mercedes-Benz system was compromised as a result of this incident, and at this time, we have no evidence that any Mercedes-Benz files were maliciously misused,” the company is taking the threat seriously. The inquiry revealed that out of 1.6 million unique records, the private information of fewer than 1,000 buyers and potential buyers was potentially exposed.
An external security researcher found that for the three-and-a-half-year period of time, credit scores, driver license numbers, social security numbers, credit card information, and birth dates may have been accessible via a cloud storage platform. That sounds terrifying from an identity theft perspective. However, the company says, any bad actors would have required high-level knowledge of specialized software programs and tools. A casual internet search would not have uncovered the data at risk.
As compensation, the automaker is rolling out two-year subscriptions to a credit monitoring service for those affected. Most importantly, the hole has been patched and Mercedes-Benz says this particular opening can no longer be accessed.
This number is a fraction of the customers affected by the Volkswagen and Audi breach a few weeks ago. In that case, the data of more than three million shoppers and buyers were reported stolen, according to Reuters. Volkswagen found that sensitive information for 90,000 people had been stolen. Those people received the same compensation: subscriptions to a credit monitoring service. That may not offer much comfort, but it’s better than nothing. Ultimately, every data breach results in better privacy practices; automakers are in a constant crunch to stay ahead of hackers and leaks.
Got a tip? Send the writer a note: firstname.lastname@example.org