Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security Transportation Privacy

Volkswagen Says a Vendor's Security Lapse Exposed 3.3 Million Drivers' Details (techcrunch.com) 23

Volkswagen says more than 3.3 million customers had their information exposed after one of its vendors left a cache of customer data unsecured on the internet. From a report: The car maker said in a letter that the vendor, used by Volkswagen, its subsidiary Audi, and authorized dealers in the U.S. and Canada, left the customer data spanning 2014 to 2019 unprotected over a two-year window between August 2019 and May 2021. The data, which Volkswagen said was gathered for sales and marketing, contained personal information about customers and prospective buyers, including their name, postal and email addresses, and phone number. But more than 90,000 customers across the U.S. and Canada also had more sensitive data exposed, including information relating to loan eligibility. The letter said most of the sensitive data was driver's license numbers, but that a "small" number of records also included a customer's date of birth and Social Security numbers.
This discussion has been archived. No new comments can be posted.

Volkswagen Says a Vendor's Security Lapse Exposed 3.3 Million Drivers' Details

Comments Filter:
  • by Anonymous Coward

    "the vendor, used by Volkswagen, its subsidiary Audi"

    So VW Owns audi, audi owns this other company, so that vendor is just an obfuscated part of VW

    • by carld ( 460344 )
      Please re-read "... that the vendor, used by Volkswagen, its subsidiary Audi, and authorized dealers in the U.S. and Canada, ..." . Looks like an enumeration of customers of which VW is just one.
      • Re: (Score:3, Informative)

        by bobbo666 ( 4899987 )
        Yah, several companies let a 3rd party handle/save/massage customer data for them. Sounds like something some TWOT's in Sales&Marketing do. C'mon, the name/address/phone number is hardly confidential. Most is public knowledge. But, if you intend these people to be repeat buyers the info is vital to your survival as a company. That's core data. Why let anyone see it? Or, why put it on a file outside your direct control where a competitor could access by slipping a little money to some dingbat at t
  • by Ostracus ( 1354233 ) on Friday June 11, 2021 @09:15AM (#61476794) Journal
    • by hawk ( 1151 )

      But it's not a problem, you can keep them private for just $8.50 an hour . . .

  • What's a 'vendor'?

    • A supplier - in this case, probably of marketing / customer base management services.

      Suppliers are very useful in any industry: they externalize risks and responsibilities, and provide essential scapegoating services when the brown stuff hits the proverbial fan.

      • Re: (Score:2, Offtopic)

        by zephvark ( 1812804 )

        Suppliers are very useful in any industry: they externalize risks and responsibilities, and provide essential scapegoating services when the brown stuff hits the proverbial fan.

        Ooh! Ooh! Bowdlerization! You'll probably like this joke:

        What's brown and sticky?

        A stick!

  • by tobiasly ( 524456 ) on Friday June 11, 2021 @09:44AM (#61476950) Homepage

    They should be using open-source drivers anyway, then it wouldn't matter if their details are exposed.

    • by TWX ( 665546 )

      Based on the lax licensing and demonstrated performances I was under the impression that VW/Audi drivers were already creative commons.

  • by Squash ( 2258 ) on Friday June 11, 2021 @10:06AM (#61477046) Homepage

    I wonder why the hell that company thought they deserved to have that information to begin with. This idea that every business you interact with needs to know all about you is absurd. Sell me your product, don't try to make me your product.

  • That's why they want to implement that software that drives the car for you ASAP! (As posted yesterday on /.) No more drivers, no more driver data!

    If you're an average /. reader, your sarcasm meter may be broken. So the non-sarcastic comment is to imagine how much more microsecond-by-microsecond driving data will become available, convenienly tied to a subscriber's identity, conveniently tied to some financial particulars to enable the payment of the subscription.

  • by MagusSlurpy ( 592575 ) on Friday June 11, 2021 @12:01PM (#61477470) Homepage

    . . . But a ROGUE vendor!

    • by hawk ( 1151 )

      of course . . . that's the one kind you need to get the Death Star plans, isn't it?

Every little picofarad has a nanohenry all its own. -- Don Vonada

Working...