Volkswagen and Audi have suffered a data breach that affected 3.3 million customers in total. The breach was a result of a vendor exposing unsecured data on the Internet.
Volkswagen Group of America, Inc. (VWGoA) is responsible for the North American operations of the German Volkswagen Group.
The company reported to the California and Maine Attorney General’s office that a vendor’s failure to secure its data exposed the personal information of its customers between August 2019 and May 2021. VWGoA learned about the breach on March 20, 2018, when a vendor notified them that their customer data was accessed by an unauthorized person. Besides Volkswagen, information for Audi and some authorized dealers may have leaked.
According to the company, the breach affected 3.3 million customers, of whom 97% were Audi customers or interested buyers.
The information that was exposed included contact and vehicle information.
“The data included some or all of the following contact information about you: first and last name, personal or business mailing address, email address, or phone number. In some instances, the data also included information about a vehicle purchased, leased, or inquired about, such as the Vehicle Identification Number (VIN), make, model, year, color, and trim packages,” explains the VWGoA data breach notification first reported by TechCrunch.
The data also included a variety of more sensitive information, such as social security numbers and driver’s license numbers, belonging to 90,000 customers.
“The data also included more sensitive information relating to eligibility for a purchase, loan, or lease. More than 95% of the sensitive data included was driver’s license numbers. There were also a very small number of dates of birth, Social Security or social insurance numbers, account or loan numbers, and tax identification numbers.”
VWGoA has started informing affected customers and potential customers about the company’s breach.
For those 90,000 customers whose sensitive information was exposed, Volkswagen is offering free credit protection, monitoring services, and $1 million of insurance against identity theft.