The Bleeping Computer reported on June 12 that both Audi and Volkswagen experienced a serious data breach exposing unsecured customer information online.
A data breach notification filed in California and Maine with the Attorney Generals’ Offices stated that a vendor exposed data online from August 2019 to May 2021. The Attorney General was notified on March 20 that a hacker or other unauthorized individual had accessed data from Audi, Volkswagen, and some authorized dealers. The data was originally collected for sales purposes but left unsecured online for two years.
The Bleeping Computer explains that “Volkswagen Group of America, Inc. (VWGoA) is the North American subsidiary of the German Volkswagen Group. It is responsible for US and Canadian operations for Volkswagen, Audi, Bentley, Bugatti, Lamborghini, and VW Credit, Inc.”
Volkswagen Group of America, Inc. noted that 3.3 million customers are affected by the data breach, and 97% of those are Audi customers and potential buyers.
What Was Stolen?
So far, there is no absolute indication about what information was exposed or stolen; however, the Bleeping Computer implies that it could just be basic contact information, but it could also include personally identifiable information (PII) such as social security numbers, date of birth, driver’s license numbers, and loan details. Volkswagen did not name the vendor in question.
The data breach notification mentions that “The data included some or all of the following contact information about you: first and last name, personal or business mailing address, email address, or phone number. In some instances, the data also included information about a vehicle purchased, leased, or inquired about, such as the Vehicle Identification Number (VIN), make, model, year, color, and trim packages.” TechCrunch first reported the story.
“The data also included more sensitive information relating to eligibility for a purchase, loan, or lease. More than 95% of the sensitive data included was driver’s license numbers. There were also a very small number of dates of birth, Social Security or social insurance numbers, account or loan numbers, and tax identification numbers.”
At least 90,000 of the customers exposed included sensitive information like social security numbers. As a remediation, Volkswagen is offering free credit monitoring services and identity theft protection to those affected.
Volkswagen started notifying customers through the mail on June 11. They also warn them to be on the lookout for any suspicious calls, text messages, or emails that could be phishing attempts or fraud techniques.
What Can Data Breach Victims Do?
The data was exposed for a long time. Experts theorize that multiple parties may have accessed and copied it, posing a myriad of threats. They strongly suggest that anyone affected by the data breach put a freeze on their credit right away and secure any other information linked to Volkswagen or Audi. This might include:
- Bank accounts.
- Online accounts.
- Credit card accounts.
- Social security number.
- Home address
Some tips to stay safe are:
- Change passwords for all your bank accounts, credit cards, and online accounts with Audi or Volkswagen.
- Check your credit report looking for any suspicious activity.
- Contact your bank and loan institutions to keep an eye on your accounts.
- Consider beefing up home security.
- Contact the three credit bureaus to notify them of the data breach and secure your social security number with a credit freeze or lock.
- Be on the lookout for any signs of fraud or unauthorized access to your accounts.
- Regularly monitor bank and credit card statements.
- Use very strong passwords on all accounts.
- Never reuse passwords.
- Do not click links or download attachments in email.