Mercedes-Benz data breach exposes SSNs, credit card numbers

Mercedes-Benz USA has just disclosed a data breach impacting some of its customers.

The company assessed 1.6 million customer records which included customer names, addresses, emails, phone numbers, and some purchased vehicle information to determine the impact.

It appears the data breach exposed credit card information, social security numbers, and driver license numbers of under 1,000 Mercedes-Benz customers and potential buyers.

Data breach impact disclosed after auditing 1.6 million records

Yesterday, German automotive brand and luxury vehicle company, Mercedez-Benz disclosed a data breach impacting some customers and potential buyers.

On June 11th, a Mercedes-Benz vendor informed the company that the personal information of select customers was exposed due to an insufficiently secured cloud storage instance.

According to the company, the breach affects some customers and potential vehicle buyers who had entered sensitive information on Mercedez-Benz company and dealer websites between 2014 and 2017:

“It is our understanding the information was entered by customers and interested buyers on dealer and Mercedes-Benz websites between January 1, 2014 and June 19, 2017.”

“No Mercedes-Benz system was compromised as a result of this incident, and at this time, we have no evidence that any Mercedes-Benz files were maliciously misused.”

“Data security is a serious matter for MBUSA. Our vendor confirmed that the issue is corrected and that such an event cannot be replicated.”

“We will continue our investigation to ensure that this situation is properly addressed,”  said Mercedes-Benz in a press release.

The vendor who notified Mercedez-Benz of the data breach states that the exposed information included:

• Self-reported customer credit scores
• Driver license numbers
• Social Security Numbers (SSNs)
• Credit card numbers
• Dates of Birth

However, the company has stated that this information would not have been searchable on or indexed by a typical search engine.

“To view the information, one would need knowledge of special software programs and tools – an Internet search would not return any information contained in these files,” says Mercedes-Benz.

The company released this data breach statement after reviewing almost 1.6 million unique customer records, which included name, address, emails, phone numbers, and some purchased vehicle information.

But, upon the completion of the investigation, it was determined that under 1,000 customers have had their “additional” personal information exposed via publicly accessible cloud storage solution. 

Mercedes-Benz USA says that it is in the process of contacting the affected individuals about this incident whose additional information was accessible.

“Any individual who had credit card information, a driver’s license number or a social security number included in the data will be offered complimentary 24-month subscription to a credit monitoring service. We will also notify the appropriate government agencies,” says the vehicle company.

Because the company mentions only under 1,000 customers had their additional information exposed, after auditing 1.6 million customer records, it is not clear exactly how many customers were affected by this incident.

BleepingComputer has reached out to Mercedes-Benz/Daimler AG with additional questions and we are awaiting their response.