IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Millions of Volkswagen customers affected by data breach

The incident stems from a vendor that left customer information unsecured

A data breach at the US subsidiary of the Volkswagen Group has affected 3.3 million customers after a vendor left unsecured data exposed on the internet.

Volkswagen Group of America, Inc. (VWGoA) is the North American subsidiary of the German Volkswagen Group that looks after Volkswagen, Audi, Bentley, Bugatti, and Lamborghini operations in the US and Canada. 

According to data breach notifications filed with the attorneys general of California and Maine, the company believed that the data was obtained when a vendor left electronic data unsecured at some point between August 2019 and May 2021.

According to a notification letter sent to customers, on March 10, the company was alerted that an unauthorized third party may have obtained certain customer information.

The letter read: “We immediately commenced an investigation to determine the nature and scope of this event.” The investigation confirmed the third party obtained limited personal information received from or about customers and interested buyers, from a vendor used by Audi, Volkswagen, and some authorized dealers in the United States and Canada. The letter didn’t state who the offending vendor was.

“This included information gathered for sales and marketing purposes from 2014 to 2019. We believe the data was obtained when the vendor left electronic data unsecured at some point between August 2019 and May 2021, when we identified the source of the incident,” the letter continued.

Related Resource

A guide to enterprise detection and response providers

The 12 providers that matter most and how they stack up

Forrester enterprise detection WPDownload now

Among the data exposed were customers’ first and last names, personal or business mailing addresses, email addresses, and phone numbers. In some instances, the data also included information about a vehicle purchased, leased, or inquired about, such as the vehicle identification number (VIN), make, model, year, color, and trim packages.

"The data also included more sensitive information relating to eligibility for a purchase, loan, or lease. More than 95% of the sensitive data included was driver’s license numbers. There were also a very small number of dates of birth, Social Security or social insurance numbers, account or loan numbers, and tax identification numbers,” the letter stated.

A letter from the company’s lawyers said that for the 90,000 customers who had more sensitive data exposed, the company would provide free credit protection services, $1 million of insurance, and assistance in the event of identity theft. 

VWGoA is now notifying affected customers of the breach and warning them to remain alert for suspicious emails or other communications. 

VWGoA is conducting a full security review with the vendor to identify if further security enhancements are reasonable and appropriate, according to the lawyers’ letter.

Featured Resources

How to hold more productive meetings

Tips and tricks to get the most out of your meetings

Free Download

Enabling the future of work with embedded real-time communication

A new dimension of human interaction is coming to digital work

Free Download

How to do hybrid work right

Overcoming challenges in the transition to hybrid work

Watch now

HCI 2.0 From HPE: How it can help your business thrive

Why SMBs need to accelerate digital transformation with HCI

Free download

Recommended

Dell Technologies World 2022: Dell unveils fastest storage architecture in company history
Server & storage

Dell Technologies World 2022: Dell unveils fastest storage architecture in company history

4 May 2022
Dell Technologies World 2022: Dell unveils security offerings for major cloud providers
public cloud

Dell Technologies World 2022: Dell unveils security offerings for major cloud providers

3 May 2022
How do you become an ethical hacker?
ethical hacking

How do you become an ethical hacker?

29 Apr 2022
What is phishing?
phishing

What is phishing?

29 Apr 2022

Most Popular

Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
How full-stack observability can accelerate IT innovation
Sponsored

How full-stack observability can accelerate IT innovation

3 May 2022
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022