June 24, Mercedes-Benz disclosed a data breach that impacted some customers and potential buyers. Mercedes was informed on June 11th, by a vendor, that personal information of selected customers had been exposed due to an insufficiently secured cloud storage instance. In the press release, found on their website, Mercedes-Benz states:
“It is our understanding the information was entered by customers and interested buyers on dealer and Mercedes-Benz websites between January 1, 2014 and June 19, 2017. No Mercedes-Benz system was compromised as a result of this incident, and at this time, we have no evidence that any Mercedes-Benz files were maliciously misused.”
According to the vendor who notified Mercedes about the data breach, the leaked information contained: self-reported customer credit scores, driver license numbers, social security numbers, credit card numbers and dates of birth. However, Mercedes-Benz states that this information can not be reached by simply searching the Internet with a typical search engine. “To view the information, one would need knowledge of special software programs and tools.” The company state at their website.
From the investigation conducted in cooperation with the vendor, and the work of an external security researcher, Mercedes-Benz could release their data breach statement. And, by assessing approx. 1.6 million unique customer records, which included name, address, emails, phone numbers, and some purchased vehicle information, the investigation could conclude that less than 1 000 customers have had their “additional” personal information exposed via the publicly accessible cloud storage solution.
As the data breach relates to the American market, Mercedes-Benz USA, claims that they are in the process of contacting the affected individuals, and states:
“Any individual who had credit card information, a driver’s license number or a social security number included in the data will be offered complimentary 24-month subscription to a credit monitoring service. We will also notify the appropriate government agencies”.
Written by Joakim Rosell