Credit card data disclosed at Mercedes-Benz in data protection incident

Sicherheit (Pexels, allgemeine Nutzung)[German]Mercedes-Benz USA just had to admit to a data breach affecting some customers. In this data breach incident, credit card information, social security numbers and driver's license numbers of nearly 1,000 Mercedes-Benz customers and potential buyers were exposed between January 1, 2014 and June 19, 2017.


Details  were provided in a press release, which I'll pull out here since such texts are deleted after some time.  

Jun 24, 2021 – ATLANTA, GA

On June 11, 2021, a vendor informed Mercedes-Benz that sensitive personal information of less than 1,000 Mercedes-Benz customers and interested buyers was inadvertently made accessible on a cloud storage platform. This confirmation was part of an ongoing investigation conducted in cooperation with the vendor. The issue was uncovered through the dedicated work of an external security researcher. It is our understanding the information was entered by customers and interested buyers on dealer and Mercedes-Benz websites between January 1, 2014 and June 19, 2017. No Mercedes-Benz system was compromised as a result of this incident, and at this time, we have no evidence that any Mercedes-Benz files were maliciously misused.

Data security is a serious matter for MBUSA. Our vendor confirmed that the issue is corrected and that such an event cannot be replicated. We will continue our investigation to ensure that this situation is properly addressed. 

The vendor reports that the personal information for these individuals (less than 1,000) is comprised mainly of self-reported credit scores as well as a very small number of driver license numbers, social security numbers, credit card information and dates of birth. To view the information, one would need knowledge of special software programs and tools – an Internet search would not return any information contained in these files.

The investigation was initiated to assess the accessibility of approximately 1.6 million unique records. The vast majority of these records included information such as name, address, emails, phone numbers, and some purchased vehicle information.  However, MBUSA would like to stress that a review of the total data entry record set determined that less than 1,000 individual Mercedes-Benz customers and interested buyers had additional personal information in a publicly accessible state. Mercedes-Benz USA has already begun notifying individuals, whose additional information was accessible, about this incident. Any individual who had credit card information, a driver' s license number or a social security number included in the data will be offered complimentary 24-month subscription to a credit monitoring service. We will also notify the appropriate government agencies.

Any individuals who have questions or concerns about this incident should contact the Mercedes-Benz Customer Assistance Center at 1-800-367-6372.

As recently as June 12, 2021, Audio/VW had to admit to a data privacy incident in the U.S. that affected 3.3 million customer records between August 2019 and May 2021 – colleagues at Bleeping Computer had reported.  (via)

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *