Hannes Czerulla 17.06.2021

Data of 3.3 million VW customers stolen

A VW vendor has exposed highly sensitive data of more than three million North American VW customers. Among them are social security and telephone numbers.

After the diesel emissions scandal in 2015, Volkswagen already had a hard time in North America. Confidence in the company is likely to suffer further as a result of the current data leak. (Source: Volkswagen)

The personal data of several million Volkswagen customers from the USA and Canada have fallen into unauthorised hands. Due to a security breach at an as of yet unnamed business partner, sensitive information of more than 3.3 million people was freely accessible on the internet for more than a year. According to a company spokesperson on Friday, customers and potential buyers of the Audi subsidiary were particularly affected.

Previously, the US blog Techcrunch had already reported on the data leak and published a letter addressed to customers as well as a corresponding legal letter dated June 10 to the state attorney general’s. The letter states that an investigation conducted at the end of May had already determined that “a third party” had access to the data.

Vehicle registration and account numbers

According to the report, the data contained information from the years 2014 to 2019 and was exposed online from August 2019 to May 2021. The majority of the data is contact information that was collected for sales and marketing. This part of the data leak includes names, email addresses, telephone numbers and in some cases vehicle registration numbers of around 3.1 million Audi customers in the US and 163,000 in Canada, as well as 3,300 US customers of VW.

In addition, sensitive data of about 90,000 Audi customers had also been unprotected. In 95 percent of these cases, driving licence numbers and US social security and account numbers were involved.

As of June 11, affected customers were informed about the incident by letter. In the letter, the company warns against suspicious emails and calls (also known as phishing) asking for further personal information or data about the vehicle.

Data source unknown

VW has called in judicial authorities and commissioned external data analysis and IT security experts to investigate. According to a VW spokesperson, legal letters to public prosecutors are a step that companies in the USA are obliged to take in the case of such customer data leaks. There are no indications of investigations by the judicial authorities as of yet.

For the time being, Volkswagen has not provided any information on who the business partner was with whom the data breach occurred. When asked by Techcrunch, VW also did not want to comment on possible consequences for the company.

For years, VW has had a difficult time in North America because of the “Dieselgate” scandal uncovered by US environmental authorities in September 2015. The mass manipulation of emissions data has severely tarnished the company’s image and caused sales figures in the USA to plummet temporarily. (dpa / hcz)