Volkswagen has officially acknowledged a massive data breach that exposed the data of millions of customers, including in some cases very sensitive details such as Social Security numbers, account data, and tax identification information.
The hack attack made the headlines earlier this month when Volkswagen Group of America said it would reach out to 90,000 customers to offer free credit protection, but according to a public advisory, some 3.3 million people might actually be affected.
The data breach exposed information like contact details, including first and last name, personal or business mailing address, email address, and phone numbers of approximately 3.3 million individual customers and interested buyers.
In some cases, the hackers obtained access to more sensitive information such as the vehicle their purchased or leased, the VIN, make, model, year, and trim packages.
The 90,000 customers that Volkswagen is now reaching out to are the most affected, as the Germans say their dates of birth, Social Security or social insurance numbers, account or loan numbers, and tax identification numbers have all been exposed. No passwords have been compromised though.
Volkswagen says it became aware of the hack on March 10 this year, but the breach actually occurred “at some point between August 2019 and May 2021.”
“The investigation confirmed in early May 2021 that a third party obtained limited personal information received from or about customers and interested buyers from a vendor used by Audi, Volkswagen, and some authorized dealers in the United States and Canada. This included information gathered for sales and marketing purposes from 2014 to 2019,” Volkswagen said.
At this point, neither Volkswagen nor Audi knows who is behind the attack, but the group says the investigation continues, with state authorities in the United States and Canada also involved. The name of the vendor that was breached wasn’t revealed, but the company says “it provides services to Audi, Volkswagen, and some authorized dealers related to digital sales and marketing activities.”
Volkswagen has released a gigantic FAQ to respond to all questions related to the breach, and you can find all details on that page.
The data breach exposed information like contact details, including first and last name, personal or business mailing address, email address, and phone numbers of approximately 3.3 million individual customers and interested buyers.
In some cases, the hackers obtained access to more sensitive information such as the vehicle their purchased or leased, the VIN, make, model, year, and trim packages.
The 90,000 customers that Volkswagen is now reaching out to are the most affected, as the Germans say their dates of birth, Social Security or social insurance numbers, account or loan numbers, and tax identification numbers have all been exposed. No passwords have been compromised though.
Volkswagen says it became aware of the hack on March 10 this year, but the breach actually occurred “at some point between August 2019 and May 2021.”
“The investigation confirmed in early May 2021 that a third party obtained limited personal information received from or about customers and interested buyers from a vendor used by Audi, Volkswagen, and some authorized dealers in the United States and Canada. This included information gathered for sales and marketing purposes from 2014 to 2019,” Volkswagen said.
At this point, neither Volkswagen nor Audi knows who is behind the attack, but the group says the investigation continues, with state authorities in the United States and Canada also involved. The name of the vendor that was breached wasn’t revealed, but the company says “it provides services to Audi, Volkswagen, and some authorized dealers related to digital sales and marketing activities.”
Volkswagen has released a gigantic FAQ to respond to all questions related to the breach, and you can find all details on that page.