Identity theft concerns are growing as Audi and Volkswagen have suffered a data breach affecting 3.3 million customers. The breach occurred when a vendor exposed unsecured data on the internet. Volkswagen Group of America, Inc. (VWGoA) is the North American subsidiary of the German Volkswagen Group. It is responsible for US and Canadian operations for Volkswagen, Audi, Bentley, Bugatti, Lamborghini, and VW Credit, Inc. According to data breach notifications filed with the California and Maine Attorney General’s office, VWGoA disclosed that a vendor left unsecured data exposed on the Internet between August 2019 and May 2021.
In March, VWGoA was notified by the vendor a threat actor had accessed the exposed data and possibly obtained customer information for Audi and Volkswagen.
VWGoA states that the breach involved 3.3 million customers, with over 97% of those affected relating to Audi customers and interested buyers.
With regards to what data has been exposed – It varies per customer. For some it could simply be contact information, but for many others the data contains social security numbers and loan numbers.
“The data included some or all of the following contact information about you: first and last name, personal or business mailing address, email address, or phone number. In some instances, the data also included information about a vehicle purchased, leased, or inquired about, such as the Vehicle Identification Number (VIN), make, model, year, color, and trim packages,” explains the VWGoA data breach notification first reported by TechCrunch.
“The data also included more sensitive information relating to eligibility for a purchase, loan, or lease. More than 95% of the sensitive data included was driver’s license numbers. There were also a very small number of dates of birth, Social Security or social insurance numbers, account or loan numbers, and tax identification numbers.”
SSNs, TINs, and other information found the bedrock of the illegal identity theft market.
For those whose sensitive information was leaked, Volkswagen is providing free credit protection and monitoring services. This include $1 million of insurance against identity theft.
VWGoA began notifying affected customers and prospective customers yesterday via mail and warn that customers should be on the lookout for suspicious emails, calls, or texts.
As the Audi and Volkswagen data was unsecured for a long time, there is no telling how many people had gained unauthorised access.
The Dangers of Identity Theft
Identity Theft can be absolutely devastating for an individual. Usually, in the world of malware, we know certain things can be harmed. Our devices may need to be replaced, we may lose access to accounts for a few days or even forever, we may even need to pay a ransom for access to our data. The point is, with most types of Malware, we can eventually rebuild, though it may take longer than we anticipate. The fallout from identity theft is much longer.
Once your stolen information is used once, it can take anywhere from a few days to six months for that one incident. But your information is out there for a very, very long time. This means you could end up dealing with identity theft for many years, even decades.
Identity Theft has been around for a very long time and predates our modern technology by thousands of years. There have always been individuals that try to impersonate others for their own gain, financial or otherwise. However, the internet’s birth and wide adoption have led to new attack vectors, dwarfing any possible past attempts.
Now more than ever do we have data tied into our personal identity. Email addresses, banking numbers, phone numbers, social security numbers, home addresses – All of these and more form a picture of us as lines in a database.
And when this information falls into the wrong hands, it can do a lot of damage. Bank accounts can be drained, and your credit rating can get rattled; you can end up with medical bills or even a criminal record. The list of potential mishaps that can arise from identity theft is endless.
To hackers, identity theft represents a lucrative stream of income, and they can very easily cover their tracks. After they have seized personal information, they sell it on the dark web. This information can be sold over time, repeatedly, meaning that if you notice your identity has been stolen and used, it can be used in several instances over a long period of years.
There are some guidelines from the US government in discovering if you are a victim of identity theft if it is not immediately obvious:
- You stop receiving your regular bills and credit card statements.
- You receive statements for accounts you never opened.
- Debt collectors start calling you day and night about debts you’ve never heard of.
- The IRS alleges you failed to report income for a company you never worked for.
- You see withdrawals/charges on your bank or credit card statement that you didn’t make.
- You try to file your taxes only to discover that someone else beat you to it.
- You try to file your taxes and find someone claimed your child as a dependent already.
- Your credit report includes lines of credit you never opened.
- Your credit score fluctuates wildly and for no apparent reason.
- The most obvious sign—you receive a notification that you’ve been the victim of a data breach.
- If you are unsure, it is always best to check with the authorities on the US government’s identity theft website.
Protection
In some cases, a victim cannot be faulted for identity theft. For example, those affected by the data breach handed their information over to companies in good faith in the story above. Unfortunately, these companies, or more specifically the vendor, failed in protecting this information. However, many other times, business owners and families are singled out and targeted in their offices and homes.
For times like these, it is critical that you have the right tools to protect yourself. One of these tools is SaferNet.
SaferNet is the perfect solution to the cybersecurity issues that individuals, families, and businesses face today. It not only connects every device using a secure, 24/7 always on, military grade VPN, but it also stops outside cyberthreats, malware and viruses as well. On SaferNet, all users are protected anywhere in the world, all the time, on any cellular or Wi-Fi network. In addition to SaferNet’s VPN and cyber protection, it also offers a range of employee or parental/family internet controls including internet filtering, monitoring, scheduling, and blocking access to websites or even entire website categories
Typically, a business or family would need 3 separate services for a VPN, Malware Protection, and Internet Controls; SaferNet offers all 3 features in one service. SaferNet truly is an endpoint security presence that can be implemented in minutes around the world, on phones, laptops, tablets, and computers at an economical price point that caters to all sizes of businesses and families. SaferNet guarantees a smooth setup and installation process that takes only minutes, and an easily accessible control hub for you to monitor all your employee’s or family members devices; including activity, time spent online, and threats blocked.