Volkswagen revealed on Friday a major data breach from one of its associate vendors affecting over 3.3 million customers.
The German automobile maker disclosed that a compilation of data collected for sales and marketing purposes between 2014 and 2019 was left by an unnamed associate vendor unsecured and was exposed online.
Volkswagen Group of America said that an unauthorized third party was able to obtain “limited personal information received from or about customers and interested buyers from a vendor that Audi, Volkswagen, and some authorized dealers in the United States and Canada use for digital sales and marketing activities.”
Names, mailing addresses, email addresses, phone numbers, and some VINs and vehicle features like makes and models comprised the majority of the leaked information.
The data breach affects the majority of current or potential Audi customers, Volkswagen’s luxury car subsidiary, totaling around 3.1 million. It also affects 3,300 customers and interested buyers for Volkswagen
Volkswagen is notifying all affected individuals directly to remain suspicious of emails or other communications and take proactive actions.
The German company has employed external cybersecurity experts to investigate the incident.
“Audi and Volkswagen are working with third-party cybersecurity experts to assess and respond to this situation and have taken steps to address the matter with the vendor involved,” said the company.