Reading:
Unprotected database containing 10 million U.S. vehicle owners’ personal details leaked
Share:
us vehicle owners leaked info

Unprotected database containing 10 million U.S. vehicle owners’ personal details leaked

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Approximately 10 million U.S. vehicle owners’ personal data was left exposed after a massive database containing their information was leaked.

Security researchers from Kromtech Security found the unprotected database split into three main sections which is thought to contain ‘critical and sensitive information’. The first section includes names, addresses, home and work numbers, dates of birth, gender and the number of children over 12 years old.

This information is thought to have been extracted from numerous U.S. based car dealerships.

Kromtech’s security researchers also found that the unprotected database contained the history of vehicles owned, Vehicle Identification Number (VIN), model, model year, sales representative name and mileage. This information was held on the second section of the database.

To add to the information leaked, the third section of the database contained sales details including vehicles’ mileage odometer, what method of payment the vehicle was paid by, monthly payment amounts and ‘much more’…

The leaked data includes VINs of 16,522 Jeep Wranglers. The data, in combination with other leaked data on the unprotected database, could allow cyber-criminals to do a lot of damage.

Kromtech Security’s discovery

In his report, Kromtech’s researcher Bob Diachenko noted:

“…sophisticated criminals have now created a way to combine traditional offline crimes like stealing cars and technology. Criminals are now using leaked or hacked data to obtain unique identifiers for a vehicle and then ‘cloning’ a VIN to make a stolen car appear to be perfectly legal.”

Mr Diachenko’s analysis shows the sheer importance in protecting online data as this could cause an unprecedented rise in crimes such as stealing and/or cloning cars.

It’s evident that this technique is frequently used by car thieves. Some may question the viability in doing so, but thieves can use some forgery to get the real title or other ownership documents from the motor vehicle office in the neighbouring state. If the thieves can register the vehicle (albeit, fraudulently) and it’s not reported as stolen, there can be very little chance that the vehicle can be traced back to the theft.

Mr Diachenko gives one example of this type of hack where 150 Jeep Wranglers were stolen. He said that the car thieves “used stolen VIN numbers to steal the cars. Using a compromised database of VINs for Jeep Wranglers, these bikers were able to create duplicate keys to gain access to the Jeeps they targeted.”

With approximately 10 million vehicle owners’ details exposed on the unprotected database, car thieves may be leeching onto the information to perpetrate crimes by acquiring vehicles illegally.

It’s also believed that the data was acquired for marketing purposes.

Though Mr Diachenko reassures vehicle owners that the unprotected database didn’t include owners’ card/payment data, there’s still a risk that those who had access to the database could still undertake identity fraud with the amount of personal data that was exposed.

Strict warning

The leaked data was online for just under five months – this could’ve caused a lot of damage and undue stress towards vehicle owners. This leak should be a strict warning to dealerships not only to fulfil their legal obligation to protect their customers’ data but also to protect details of what types of cars they sell.

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.Information on how we handle your data is available in our Privacy Policy.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

SRA
Contact
www.dataleaklawyers.co.uk is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon