The data was collected for sales and marketing purposes between 2014 and 2019 and was stored in an electronic file that a vendor left unprotected, says NBC News.
According to Volkswagen North American, more than 3.3 million customers and prospective buyers have been affected by a data leak at a supplier.
The majority of those affected were current or potential Audi customers, one of the German automaker’s luxury brands.
Volkswagen Group of America said Friday that an unauthorized third party obtained limited personal information about customers and prospective buyers from a vendor used by the Audi Volkswagen brand along with some U.S. and Canadian dealers for digital sales and marketing.
Only a few clients’ phone numbers and email addresses were compromised
According to the company, the vast majority of customers’ phone numbers and email addresses were not affected by the data breach. The data may also include information about a car that was purchased, leased, or, in some situations, inquired about.
VW stated that 90 thousand Audi customers and prospects had sensitive data compromised in connection with their purchase or lease authorization. Volkswagen stated it will provide free credit protection services to those affected individuals.
In more than 95% of the cases, the sensitive data consisted of driver’s license numbers. A tiny number of records contained additional information such as dates of birth, Social Security numbers, and account numbers.
In Canada, the manufacturer believes that no sensitive data was exposed to cybercriminals, whereas in the United States, more than 3.1 million people are affected.
VW believes the data was obtained between August 2019 and May 2021. The latter data is when the automaker has been able to determine the source of the problem. For the time being, Volkswagen is notifying all affected individuals directly so that they can take appropriate actions.