Volkswagen Group of America (VWGoA) reported a data breach affecting 3.3 million customers.

Volkswagen Group of America (VWGoA) is the North American subsidiary of the Volkswagen Group and is responsible for the business operations of Volkswagen, Audi, Bentley, Bugatti, Lamborghini and VW Credit in the United States and Canada.

According to the notifications, vendor left unsecured data exposed on the Internet between August 2019 and May 2021. On March 20 of this year, VWGoA was notified that an unauthorized person had accessed the data and may have obtained the customer information for Audi, Volkswagen, and some authorized dealers.

VWGoA states that the breach involved 3.3 million customers, with over 97% of those affected relating to Audi customers and interested buyers. The data exposed varies per customer, ranging from contact information (first and last name, personal or business mailing address, email address or telephone number) to more sensitive information such as social security numbers and loan numbers.

More than 95% of sensitive data included was driver's license numbers.

Source: securitylab.ru