Volkswagen has warned customers that one of its vendors was recently affected by a data breach which potentially exposed the information of some 3.3 million customers in the US and Canada.
In a statement, the automaker said that one of its vendors – used by Volkswagen, its subsidiary Audi, and its authorized dealers in the US and Canada – had left customer data unprotected between August 2019 and May 2021, which allowed an unauthorized third party to access the information. Customer data collected from 2014 to 2019 was affected by the hack.
The customer data collected by Volkswagen included names, postal and email addresses, and phone numbers, TechCrunch reported. But the automaker also noted that over 90,000 customers across the US and Canada also had more sensitive data exposed, such as information relating to whether they were eligible for a loan. Most of the sensitive data was drivers’ license numbers, but Volkswagen also said that a “small” number of records also included customers’ dates of birth and Social Security numbers.
In a statement, Volkswagen did not identify the vendor.
“We have also informed the appropriate authorities, including law enforcement and regulators, and are working with external cybersecurity experts and the vendor to assess and respond to this situation,” a company spokesperson said.
Volkswagen is offering free credit protection and monitoring services, plus $1 million of insurance against identity theft to the 90,000 customers whose more sensitive information was exposed.