Mercedes-Benz USA on Thursday disclosed a data breach within one of its vendors that leaked customers' and potential buyers' sensitive and personal information. In total, the company said fewer than 1,000 customers are affected by the breach. According to the announcement, the information comes from customers who entered various personal details on Mercedes-Benz websites between Jan. 1, 2014 and June 19, 2017.
The information remained stored on a vendor's cloud storage platform and was "inadvertently made accessible." The vendor promptly fixed the security fault after an external security researcher made the discovery.
Customers and potential customers from the affected time period may have had their driver's license numbers, Social Security numbers and credit card information leaked. Additionally, self-reported credit scores and dates of birth are all part of the data breach. Mercedes-Benz said, however, "one would need knowledge of special software programs and tools" to gain access to the actual data. "An internet search would not return any information contained in these files." The vast majority of the info leaked is customers' names, addresses, email addresses and phone numbers.
Any affected individual who did have more sensitive information breached, such as a Social Security number or credit card info, will be given a complimentary 24-month subscription to a credit monitoring service. The company said it already began reaching out to those affected by the breach and will notify the appropriate government agencies.