Another day, another data breach to report from another company whose customers have been put at risk.
This time the company is the automaker Volkswagen, which has been sending out an official data breach notice to customers in recent days that blames the incident on a vendor (used by Volkswagen, Audi, and authorized car dealers) that apparently left data in an unsecured state online. “On March 10, 2021,” the Volkswagen data breach notice explains, “we were alerted that an unauthorized third party may have obtained certain customer information.”
In total, it seems that data associated with some 3.3 million Volkswagen customers and even prospective buyers was exposed as a result of this incident. Most of the data includes emails, phone numbers, customer names, and addresses, but some 90,000 potential buyers in the US and Canada had even more exposed — including driver’s license numbers and a small number of birth dates and Social Security numbers.
About this incident, a Volkswagen spokesperson told TechCrunch that it has “informed the appropriate authorities, including law enforcement and regulators, and are working with external cybersecurity experts and the vendor to assess and respond to this situation.” This incident, by the way, also calls to mind another that we wrote about recently, involving word that California state residents may have had their personal data stolen via a cyberattack on a vendor associated with the California Department of Motor Vehicles. You can read more about that incident here.
Volkswagen says in its data breach notice that it’s teamed up with the consumer privacy platform IDX to offer free credit protection services. “IDX identity protection services include: 24 months of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed identity theft recovery services should that occur,” Volkswagen told customers.
Interested parties are encouraged to contact IDX with questions and to enroll in free identity protection services by calling 833-406-2408 or going to https://response.idx.us/audivwdataprotect. That site answers a number of questions that impacted customers might have, including why the letter they might have received doesn’t include an offer of credit monitoring or other protection services. “For the vast majority of individuals,” the site explains, “the affected data includes contact information and, in some instances, vehicle details. Audi and Volkswagen are offering 24 months of credit protection services at no charge only to individuals for whom the following information was impacted: Driver’s license number; date of birth; Social Security or social insurance number; account or loan number; or tax identification number.
“As always, we recommend that individuals remain alert for suspicious emails or other communications that might ask them to provide information about themselves or their vehicle.”