Mercedes-Benz data breach impacted roughly 1000 individuals

Mercedes-Benz USA disclosed a data breach that impacted 1.6 million customers, exposed data includes financial data and social security numbers (SSNs).

Mercedes-Benz USA disclosed on Friday a data breach that impacted some of its customers and potential vehicle buyers. The incident exposed approximately 1.6 million unique records containing customers’ info, including customer names, addresses, emails, phone numbers, and some purchased vehicle information to determine the impact.

Data belongs to individuals that provided their information to Mercedez-Benz and dealer websites between 2014 and 2017.

For less than 1000 of the impacted customers and potential buyers, the carmaker revealed that exposed data includes social security numbers, credit card information, and driver license numbers.

The company became aware of the data breach on June 11th, after one of its vendors reported that the personal information of some customers stored on a cloud storage was exposed.

“On June 11, 2021, a vendor informed Mercedes-Benz that sensitive personal information of less than 1,000 Mercedes-Benz customers and interested buyers was inadvertently made accessible on a cloud storage platform.” reads a press release published by the company. “It is our understanding the information was entered by customers and interested buyers on dealer and Mercedes-Benz websites between January 1, 2014 and June 19, 2017. No Mercedes-Benz system was compromised as a result of this incident, and at this time, we have no evidence that any Mercedes-Benz files were maliciously misused.”

Mercedes-Benz immediately launched an investigation with the help of an external security researcher, the company pointed out that its systems were not compromised.

The company is not aware of any abuse of the accidentally exposed information, it also confirmed that the issue was already solved.

Mercedes added that exposed information could only be viewed using special tools and is not indexable by crawlers of Internet search engines.

“To view the information, one would need knowledge of special software programs and tools – an Internet search would not return any information contained in these files,” continues the press release.

Mercedes-Benz is going to offer complimentary 24-month subscription to a credit monitoring service to any individual who had credit card information, a driver’s license number or a social security number included exposed in the incident.

The company will also notify the appropriate government agencies.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Mercedes)

[adrotate banner=”5″]

[adrotate banner=”13″]