Security risks are everywhere, they could be from state actors or insiders (employees) you are working with. As cyber risks are evolving by the day, perimeter security is not enough. Organizations must ensure that their third-party agencies, with whom they share corporate data, follow necessary security precautions and strictly abide by their security compliance. A simple mistake can cost companies a huge fortune.
Recently, Volkswagen revealed that a data breach at its third-party vendor affected more than 3.3 million customers and potential buyers of Audi in the U.S. and Canada. According to the official statement, the exposed information was gathered for sales and marketing from 2014 to 2019. It was found that threat actors accessed the customer data when the vendor left it unsecured at some point between August 2019 and May 2021.
Sensitive Data at Risk
The exposed data included contact and vehicle information relating to Audi customers and interested buyers such as first and last name, personal or business mailing address, email address, phone number, vehicle purchased, leased, inquired about, vehicle identification number (VIN), make, model, year, color, and trim packages.
In some cases, the data also included more sensitive information like eligibility for purchase, loan, or lease, driver’s license numbers, birth dates, social security numbers, insurance details, bank account numbers, and tax identification numbers.
While the attackers behind the data breach are unknown, Volkswagen has commenced an investigation to determine the nature and scope of the incident and reported the issue to the affected customers and the federal law enforcement authorities. “We take the safeguarding of your information very seriously. We have informed the appropriate authorities, including law enforcement and regulators. We are working with external cybersecurity experts to assess and respond to this situation and have taken steps to address the matter with the vendor,” the company said.
What should the affected users do?
Threat actors could exploit the leaked data in many ways, as the sensitive data was unsecured for a long time. Customers need to be vigilant about any suspicious emails or SMSs claiming to be from Audi or Volkswagen, as they could possibly be malicious. Remember to:
- Look out for spam emails or other communications requesting sensitive personal information.
- Be cautious when opening links or attachments from unsolicited third parties. Unsolicited emails could contain malware or other types of phishing links.
Data Leaks Cost Companies High-Interest Rates
A recent study from the American Accounting Association revealed that there is a very real cost for companies that can’t protect their customers’ personal information. Reportedly, banks charged higher interest rates to companies that suffered a data breach, compared to companies that had not. Besides, the effect could be high if the breach involved data of a large number of customers and even higher if the breach was a result of a cybercriminal act, rather than a mistake.