Volkswagen Group of America announced on June 11th that an unauthorized third party obtained limited personal information about customers and interested buyers from a vendor that its Audi Volkswagen brands, and some U.S. and Canadian dealers, used for digital sales and marketing. The leaked information had, by the vendor, been stored in an unprotected file of sales and marketing between 2014 and 2019.

The data breach impacted more than 3,3 million customers and prospective buyers in North America, where most of the impacted were current or potential customers of the Audi VW brand.

According to VW, most of the customers only had their phone numbers and e-mail addresses potentially impacted by the data breach. And only in some cases (approx. 90’000 customers) the data also included information about a vehicle purchased, leased, or inquired about. Though, regarding sensitive data, driver license numbers were comprised in more than 95% of cases, whereas a small number of records included additional data like dates of birth, Social Security numbers and account numbers. However, VW does not believe that sensitive information is involved in Canada, but more then 3,1 million people affected are in the United States.

VW believes the data were obtained sometime between August 2019 and when the automaker identified the source of the incident (i.e., May this year). VW has said to offer free credit protection services to those individuals impacted.

Written by Joakim Rosell