The data of 3.3 million Canadian and US customers of the Volkswagen group would be for sale online, after being stolen last March. TO give notice is the head Motherboard, who identified the seller and analyzed a sample of the archive offered. Last week, Friday 11th, the auto group had released a page on its website to inform customers that they have discovered potential abusive access to their customers’ information. Most of the stolen data involves customers or potential buyers of Audi, a car manufacturer owned by the German brand, and refers to sales for the period between 2014 and 2019.
“As the investigation continues, Audi and Volkswagen believe that most of the affected data includes some or all of the following contact information: first and last name, personal or business postal address, email address or telephone number,” it reads. in a company note, which continues: “In some cases, the data may also include information about a vehicle purchased, rented or requested, the vehicle identification number (VIN), make, model, year, color and finish” .
However, for at least 90,000 victims, the data could also include Social security numbers (identifiers provided by the state and considered confidential), bank accounts, tax identifiers, driving license numbers and other information related to eligibility for leasing programs, the company writes.
On its website, Volkswagen explained that the information had been stolen from the computer systems of a third party supplier, whose identity was not disclosed, and that a cybersecurity company is currently investigating the incident.
According to what was reconstructed by Motherboard, the data proposed on an online forum – the details of which were not disclosed – appeared in March, in the same period in which the company claims to have discovered the data breach. The seller has made available to users a sample of the archive which allegedly contains all the information – custom established to allow testing the quality – from which the newspaper was able to confirm the correctness of the data of at least 7 victims. The archive would be offered for a fee between 4 and 5 thousand dollars.
Contacted by Italian Tech, the automaker did not immediately respond to a request for comment.
The company said it had begun to contact the victims involved by post and electronically. A scam monitoring program is offered free of charge to 90,000 victims whose data also covered the most sensitive information.