Mercedes-Benz 1.6 million hits in possible data Breach — What You Need to Know

Mercedes-Benz 1.6 million hits in possible data Breach — What You Need to Know

Mercedes-Benz USA announced yesterday (June 24) a data breach by a third-party vendor that exposed the personal information of up to 1.6 million prospective and actual customers, including names, addresses, e-mail addresses, and phone numbers.

In addition, according to Mercedes-Benz USA, "less than 1,000 people" had their highly sensitive personal information, such as "driver's license numbers, social security numbers, credit card information, and dates of birth" compromised. Mercedes-Benz said it would offer these people free credit monitoring and identity theft protection.

If the data was indeed stolen (and there is no evidence yet that it was), then those 1,000 or so individuals are at risk of identity theft. It is often possible to open an account in someone else's name with just their full name, address, date of birth, and social security number.

Anyone who has been told by Mercedes-Benz USA that their highly sensitive information has been compromised should consider taking advantage of the credit monitoring offer. Or they may want to consider paying for the best identity theft protection services we have to offer.

Also, notify one of the Big Three credit reporting agencies and have them place a fraud alert on your credit file, and they will notify the other two of the Big Three. You may also want to consider a credit freeze, which can have unintended side effects. Methods for fraud alerts and credit freezes are as follows.

Mercedes-Benz USA announced on June 11 that "the dedicated work of outside security researchers uncovered ...... as part of an ongoing investigation" into the "issue," and said it had received a report from an unnamed vendor that "data had been inadvertently made accessible on a cloud storage platform."

On the same day, June 11, Volkswagen of America also announced that personal data for 3.3 million prospective and actual Audi customers had been exposed on an unnamed third-party vendor's database. Some of Audi's data was subsequently offered for sale on an online cybercrime marketplace.

The striking similarity in timing of the two incidents involving the German luxury carmaker's North American office may be merely circumstantial.

For now, it is not clear whether Mercedes-Benz data was stolen from the database before the unprotected condition was discovered and corrected.

"There is no evidence that the Mercedes-Benz files were maliciously misused. No Mercedes-Benz systems were compromised as a result of this incident."

The company stated that anyone attempting to view the publicly available data "would require knowledge of special software programs and tools" and that "an Internet search would not yield the information contained in these files."

The data was entered into Mercedes-Benz USA dealership and company websites by customers and potential buyers between January 1, 2014, and June 19, 2017, the company said.

If you have any concerns, you may call Mercedes-Benz USA at (800) 367-6372.

Categories