sb.scorecardresearch
Advertisement

Published 13:32 IST, June 25th 2021

Mercedes-Benz US 'accidentally' leaks confidential data of 1,000 customers: Report

Mercedes Benz inadvertently made customers’ credit scores, driver's license, social security numbers (SSN) and credit card info accessible on cloud storage

Reported by: Zaini Majeed
Follow: Google News Icon
  • share
Mercedes-Benz
IMAGE: AP | Image: self
Advertisement

Mercedes-Benz USA on June 24 accidentally leaked the confidential data of at least 1,000 buyers and interested purchasers. The information breach occurred for the customer data recorded with the corporation between January 2014 and June 2017. The luxury carmaker inadvertently made the customers’ credit scores, driver's license and social security numbers, and credit card information accessible on the cloud storage platform. Although, the luxury carmaker stated that none of the personal information was maliciously used or compromised.

According to multiple reports on Thursday, Mercedes told the customers that fell victim to the breach with respect to their credit card information, driver's license number, and SSN that it will be giving them a two-year complimentary subscription to the credit monitoring service, reassuring that none of the information was compromised and no files were accessed. 

In a similar kind of breach in May, Mercedes-Benz’s source code for its "smart car" components had reportedly leaked online. This was highlighted after a Swiss-based software engineer discovered a Git web portal that belonged to Daimler AG [the automaker for the Mercedes-Benz car brand] wherein he was able to register an account on the code-hosting portal and download more than 580 Git repositories that contained the source code for Mercedes OLU component. These onboard logic units connect vehicles to the cloud for smart functioning. The leak posed security threats and danger of network attacks after the software vulnerabilities were identified.

Mercedes Benz cars operate on combined mechanical and computer systems with sensors and devices that make GPS and external location mapping possible due to smart technologies and applications. However, software engineer Till Kottmann from Switzerland four an incorrect configuration on Daimler’s code hosting portal which allowed him to download data related to OLU that controls real-time vehicle data that allow the third-party apps to track the internal state of the vehicle and lock it in case it's stolen. 

Volkwagen data breach 

Last week, German automobile maker Volkswagen admitted in a letter that nearly 3.3 million Volkswagen and its luxury car subsidiary Audi customers had suffered a data breach for more than two years. The carmaker reportedly revealed that the personal data of millions of  Americans and Canadians had been accessible online which included confidential information such as their phone numbers, email addresses, postal mailing addresses, vehicle identification numbers, and drivers’ license number. The corporation, however, blamed an external firm for the colossal breach stating that this ‘unnamed’ firm had extracted the data “for marketing purposes” and had eventually abandoned it on an unsecured server. 

Updated 13:32 IST, June 25th 2021