Mercedes-Benz USA has published an announcement about a data breach that has compromised the sensitive personal information of roughly a thousand customers and interested buyers of the firm’s cars. From what appears to be the case, the security lapse is the result of a database exposure that concerns information entered by visitors of the site between January 1, 2014, and June 19, 2017. The compromise has not taken place directly on any Mercedes-Benz systems but on a vendor system that was contracted by the car brand.
The vendor is the one who gives the estimation of fewer than 1,000 individuals having been compromised. Still, as Mercedes-Benz hasn’t concluded its independent investigation on the incident, there’s some reservation around the accuracy of this figure. As for what the exposed dataset includes, that would be driver license numbers, social security numbers, credit card information, and dates of birth. In total, 1.6 unique million records corresponding to a thousand individuals have been exposed online.
None of these were indexed by Google Search, so to access the information of the exposed database, one would have to use specialized search engines and software tools. However, and considering the large number of crooks who rummage the web every day for exposures of this kind, there’s no doubt about whether anyone has accessed the data or not. Mercedes-Benz got to learn about the incident on June 11, 2021, but the date of the first misconfiguration hasn’t been made known, so the period of exposure could be extensive.
All exposed individuals have already received a personalized notice about this security incident, while the company has also informed the appropriate government agencies. In addition to this, all of the affected clients who entered credit card information on the online forms will now be offered a 24-month credit monitoring service, the cost of which will be covered by Mercedes-Benz. If you believe that you may have been affected by this incident, you may call a support agent at 1-800-367-6372 and address your concerns.
Whether or not this incident is linked to the recent security lapse of a VW and Audi vendor who exposed the information of 3.3 million customers and interested buyers remains a question. The two occurrences are quite similar in type, and we wouldn’t be surprised if the same entity hides behind both cases. After all, the time of the discovery for both is the same, which is definitely suspicious.