Volkswagen has said that a security lapse at one of its vendors impacted at least 3.3 million customers and prospective buyers. The German carmaker said that data was exposed after customer data was left unsecured on the internet by one of its vendors. The data was exposed for more than two years. The company said that the vendor left the data unprotected for around 24 months between August 2019 and 2021. The data of customers was spanning from the year 2014 to 2019. The data was of the people who did business either with Volkswagen or Audi during the year. The company said that the information was gathered for sales and marketing purposes. The carmaker has now notified Maine’s attorney general of the security lapse. It said that the data had personal information about customers. The information included that information like name, email, phone number, and postal address.
The carmaker said that sensitive data of around 90,000 customers across Canada and the United States was also exposed. The information was related to their loan eligibility. The company said that in most of the cases, the license numbers of drivers were exposed. But in some cases, it included data of birth customers and their social security numbers. Volkswagen has so far not named the vendor. A spokesperson of the company said that they are working with the vendor and security agencies to assess and respond to the situation. “It was recently brought to our notice that an unauthorized third party managed to access limited personal information of our existing or prospective customers. We regret the inconvenience that the incident caused. We have informed all the concerned authorities. We request individuals to remain alerts.”
Volkswagen said that it informing all individuals personally. “Even if it is not required by the law agencies, we are doing it. We will also offer free credit protection services to people whose sensitive information was breached,” the company said in a statement. Volkswagen Group is the second-largest carmaker in the world by yearly revenue. The company said it has no evidence that data accessed was misused. For those who are unaware, this is the latest incident of a data breach involving the license number of drivers in recent months. Earlier this year insurance giants Metromile and Geico was the victim of scammers. The unauthorized third party abused their quote forms and tried to obtain driver license numbers.