Over 3.3M VW customers have had their personal details exposed

A hot potato: It seems there's no end to this new "trend" of hacking global companies. The latest one to come out publicly to inform that it's been hacked is Volkswagen, which had one of its vendors hacked, allowing the culprits to access information of over 3.3 million customers from the United States and Canada.

In a letter, Volkswagen states it was informed about an unauthorized third party who accessed sensitive customer information on March 10, 2021. After being notified about the situation, the car manufacturer started an investigation to discover what was accessed and which customers and potential buyers were affected.

The leaked data was gathered by the vendor from 2014 to 2019. VW claims the "vendor left electronic data unsecured," which allowed the third-party group to access it somewhere between August 2019 and May 2021.

VW's letter on the data breach further explains that the leaked data includes the person's first and last name, personal or business mailing address, email address, and phone number. Information about purchased, leased, and inquired vehicles have also been accessed, including the Vehicle Identification Number (VIN), maker, model, year, color, and trim package.

Sensitive information needed for a vehicle's lease, purchase, or loan of over 90,000 individuals has also leaked. That information includes mostly driver's license numbers. Date of birth, social security numbers, account numbers, and Tax ID numbers were also leaked in a "very small number" of instances.

Volkswagen has informed the authorities about the breach and is working with cybersecurity specialists and the unnamed vendor to mitigate the damages (we wonder how). The car maker has also partnered with IDX to protect those affected with free credit protection services.

Volkswagen is the latest addition to an ever-growing list of cyber attack victims. Just in the past few weeks other global companies including McDonald's, Electronic Arts, and JBS have also had sensitive data accessed by unauthorized third-party groups.

Masthead credit: Erik Mclean