Data breach affects more than 3 million Audi and Volkswagen customers

Cybersecurity specialists report that failures at an Internet service provider led to the breach of confidential data held by auto companies Audi and Volkswagen. In the incident report, filed with the California Attorney General, it was reported that the outsourced company exposed the compromised data between August 2019 and May 2021.

It all started on March 20, when the data services company notified Volkswagen of unauthorized access to a sample of its information, involving Volkswagen, Audi and some distribution companies. A representative of Volkswagen Group of America, a subsidiary of the automotive company for the American territory, mentions that the incident would have affected up to 3.3 million customers, mainly Audi users.

The leak involves all kinds of confidential information, mainly contact details: “The records include full names, addresses, telephone numbers, email address, Social Security numbers and, in small cases, vehicle data, whether purchased or rented, are also included,” the company’s notification states.

It is reported that around 90 thousand of the affected customers suffered the leak of all their records stored by the automotive companies. In these cases, Volkswagen will offer a free credit protection and monitoring service to prevent any attempted fraud related to this leak. Volkswagen’s U.S. subsidiary began notifying affected users this weekend via email, asking them to stay on top of any attempted attacks stemming from this incident.

Because the information was exposed for nearly two years, it’s difficult to establish the exact number of affected users, so cybersecurity experts recommend potentially affected customers to verify the authenticity of any message seemingly sent by Audi or Volkswagen, either via email or SMS message. In extreme cases it is recommended to notify banks and any financial institution.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.