Mercedes-Benz Customer Data Flies Out the Window
#1
Information 
Quote:Of course, even a company like Mercedes-Benz can inadvertently fart out customer data. That’s what the automaker admitted to on Thursday, when Mercedes-Benz USA disclosed that one of its vendors has leaked customer information out of its cloud storage system.
 
The situation is murky, but one thing seems to be certain: This spill was prolonged, as in, the data was exposed for over three years. The company – which is the American subsidiary of the German automotive brand Daimler AG – said in its advisory that the information was entered by customers and interested buyers on dealer and Mercedes-Benz websites between Jan. 1, 2014 and June 19, 2017. The company credited an unnamed external security researcher for giving it the heads-up.
 
Mercedes-Benz didn’t indicate when it was first made aware of the data exposure, why it took four years to come to light, what happened in 2017 to cause the leak to plug up, nor what brought about the eventual discovery – whenever that happened. Threatpost has reached out to Daimler AG to try to flesh out the limited information that Mercedes-Benz provided.
 
Tom Garrubba, CISO at the third-party risk-management firm Shared Assessments, told Threatpost on Friday that he views the situation in two parts: “First, a lack of proper security around the data containers at the cloud service provider, and second, lack of proper due diligence from Mercedes-Benz in asking questions and performing such due diligence in understanding how they are securing their data (network, systems, etc.).”
 
The good news is that at least so far, there’s been no evidence of the carmaker’s systems having been tampered with, nor that customer records were misused, according to the advisory: “No Mercedes-Benz system was compromised as a result of this incident, and at this time, we have no evidence that any Mercedes-Benz files were maliciously misused.”
 
The bad news is that, for whatever reason, the vendor was apparently collecting Social-Security numbers, dates of birth and other highly sensitive information from customers. Mercedes-Benz said that data pertaining to less than 1,000 Mercedes-Benz customers and interested buyers were inadvertently exposed, and that the dataset consisted “mainly of self-reported credit scores.”
 
But there were also “a very small number” of records that included:
  • Driver-license numbers
  • Social-Security numbers
  • Credit-card information
  • Dates of birth

Read more: Mercedes-Benz Customer Data Flies Out the Window | Threatpost
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
uBOLite_2024.12.23.23
uBOLite_2024.12.23...harlan4096 — 10:29
You found a seed phrase from someone els...
Scammers have inve...harlan4096 — 09:58
Google files remedies proposal in DOJ's ...
The U.S. Departmen...harlan4096 — 09:48
PowerToys 0.87.1
PowerToys 0.87.1 ...harlan4096 — 09:46
GFYI [Official] EaseUS Christmas 2024 B...
Merry Christmas and ...zevish — 08:07

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>