Volkswagen published a letter stating that an unauthorized third party had obtained the personal information of some customers. This data breach impacted over 3.3 million customers because one of the company’s vendors failed to protect personal data for marketing and sales purposes.
The data was collected between 2014 and 2019, and the vendor kept the electronic data unsecured between August 2019 and May 2021, which was enough time for the cyber-attacks. However, Volkswagen has not mentioned the name of the vendor.
However, until now, the data has not been used for malicious purposes, but the risk remains.
The personal details included the first and last names of the customers, phone numbers and business and personal mail Ids. Other than this, the Vehicle Identification Number (VIN), model, year of manufacturing, trim packages and purchase details are also available for some customers.
Those electronic documents also exposed the date of birth, driving license number, and social security numbers.
Approximately 90,000 people in US and Canada have been victims of this data leakage.
Law enforcement has been informed about this incident that Volkswagen is working with external cybersecurity teams to figure out the best response for this data leakage. This company has decided to provide identity protection along with 24 months of CyberScan monitoring and credit. Other than this, an insurance reimbursement policy of $10,00,000 has also been provided, along with the promise of theft recovery services in the future.