A Volkswagen marketing partner has suffered a data breach, according to a letter from the automaker’s Audi business. The result: Supply chain hackers have obtained data involving 3.3 million current and potential Audi customers across the United States and Canada, the automobile manufacturer has disclosed.
The information was gathered for sales and marketing between 2014 and 2019 and was in an electronic file that the Volkswagen supply chain partner left unsecured, Reuters reports.
The lifted data generally involves:
Customer numbers and email addresses;
in some cases, information about a vehicle purchased, leased, or inquired about; and
about 90,000 Audi customers and prospective buyers had sensitive data impacted relating to purchase or lease eligibility; and
the data was likely obtained at some point between August 2019 and May 2021.
Volkswagen did not mention whether the company has hired a cybersecurity consulting firm or MSSP to assist with the forensics.