Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.
Approximately 10 million U.S. vehicle owners’ personal data was left exposed after a massive database containing their information was leaked.
Security researchers from Kromtech Security found the unprotected database split into three main sections which is thought to contain ‘critical and sensitive information’. The first section includes names, addresses, home and work numbers, dates of birth, gender and the number of children over 12 years old.
This information is thought to have been extracted from numerous U.S. based car dealerships.
Kromtech’s security researchers also found that the unprotected database contained the history of vehicles owned, Vehicle Identification Number (VIN), model, model year, sales representative name and mileage. This information was held on the second section of the database.
To add to the information leaked, the third section of the database contained sales details including vehicles’ mileage odometer, what method of payment the vehicle was paid by, monthly payment amounts and ‘much more’…
The leaked data includes VINs of 16,522 Jeep Wranglers. The data, in combination with other leaked data on the unprotected database, could allow cyber-criminals to do a lot of damage.
In his report, Kromtech’s researcher Bob Diachenko noted:
“…sophisticated criminals have now created a way to combine traditional offline crimes like stealing cars and technology. Criminals are now using leaked or hacked data to obtain unique identifiers for a vehicle and then ‘cloning’ a VIN to make a stolen car appear to be perfectly legal.”
Mr Diachenko’s analysis shows the sheer importance in protecting online data as this could cause an unprecedented rise in crimes such as stealing and/or cloning cars.
It’s evident that this technique is frequently used by car thieves. Some may question the viability in doing so, but thieves can use some forgery to get the real title or other ownership documents from the motor vehicle office in the neighbouring state. If the thieves can register the vehicle (albeit, fraudulently) and it’s not reported as stolen, there can be very little chance that the vehicle can be traced back to the theft.
Mr Diachenko gives one example of this type of hack where 150 Jeep Wranglers were stolen. He said that the car thieves “used stolen VIN numbers to steal the cars. Using a compromised database of VINs for Jeep Wranglers, these bikers were able to create duplicate keys to gain access to the Jeeps they targeted.”
With approximately 10 million vehicle owners’ details exposed on the unprotected database, car thieves may be leeching onto the information to perpetrate crimes by acquiring vehicles illegally.
It’s also believed that the data was acquired for marketing purposes.
Though Mr Diachenko reassures vehicle owners that the unprotected database didn’t include owners’ card/payment data, there’s still a risk that those who had access to the database could still undertake identity fraud with the amount of personal data that was exposed.
The leaked data was online for just under five months – this could’ve caused a lot of damage and undue stress towards vehicle owners. This leak should be a strict warning to dealerships not only to fulfil their legal obligation to protect their customers’ data but also to protect details of what types of cars they sell.
EasyJet admits data of nine million hacked
British Airways data breach: How to claim up to £6,000 compensation
Are you owed £5,000 for the Virgin Media data breach?
Virgin Media faces £4.5 BILLION in compensation payouts
BA customers given final deadline to claim compensation for data breach
Shoppers slam Morrisons after loyalty points stolen
Half a million customers can sue BA over huge data breach
Lawyers accuse BA of 'swerving responsibility' for data breach
The biggest data breaches of 2020
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.