Connect with us

Business

Mercedes-Benz USA admits some customers’ credit card details, driver’s license numbers were accessible for 3.5 years

Published

on

Mercedes-Benz USA has reported a data breach in which some customers’ sensitive personal data was potentially accessible to malicious hackers for three and a half years.

A vendor alerted the carmaker to the incident, in which the data was “inadvertently made accessible on a cloud storage platform”, on June 11 after an external security researcher spotted the blunder, according to a press release published yesterday (June 24).

A subsequent investigation determined that fewer than 1,000 Mercedes-Benz customers and prospective buyers were affected.

The data “is comprised mainly of self-reported credit scores as well as a very small number of driver license numbers, social security numbers, credit card information, and dates of birth”, said Mercedes-Benz USA.

“It is our understanding the information was entered by customers and interested buyers on dealer and Mercedes-Benz websites between January 1, 2014, and June 19, 2017.”

Special tools required

The automotive giant said the “vendor confirmed that the issue is corrected and that such an event cannot be replicated”.

It added: “No Mercedes-Benz system was compromised as a result of this incident, and at this time, we have no evidence that any Mercedes-Benz files were maliciously misused.”

Mercedes-Benz USA also said that the data could only be accessed by someone with “knowledge of special software programs and tools”, adding that “an internet search would not return any information contained in these files”.

The ongoing investigation was initially launched to assess whether approximately 1.6 million unique records, primarily consisting of names, addresses, emails, phone numbers, and purchased vehicle information, were accessible.

However, it was later confirmed that only the 1,000 people were affected.

Mercedes-Benz USA said it has already begun notifying individuals and will notify relevant government agencies in due course.

Anyone whose credit card information, driver’s license number, or Social Security Number were potentially exposed will be offered complimentary 24-month subscription to a credit monitoring service, it added.

The Daily Swig has contacted Mercedes-Benz USA for further comment. We will update the article if and when they reply.

Source: https://portswigger.net/daily-swig/mercedes-benz-usa-admits-some-customers-credit-card-details-drivers-license-numbers-were-accessible-for-3-5-years

Advertisement
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2023 Cyber Reports Cyber Security News All Rights Reserved Website by Top Search SEO