Identity Theft Alarms Sound as Data Breach Affects 1.6 Million Mercedes-Benz Customers

Identity Theft may become a concern for Mercedes-Benz owners and even potential buyers as the company has disclosed a massive data breach recently. The automobile company assessed 1.6 million customer records, including customer names, addresses, emails, phone numbers, and some purchased vehicle information to determine the impact. It appears that much of the data exposed in the data breach includes social security numbers, driver license numbers, and credit card information. Currently, it is not believed that all of the 1.6 million individuals affected have had their more personal information like SSNs exposed.

On June 11th, a vendor for the German automotive brand informed the company that the personal information of a number of customers was exposed due to an insufficiently secured cloud storage instance.

According to Mercedez-Benz, the breach affects customers and potential buyers who has entered sensitive information on the company website between 2014 and 2017. This also applies to Mercedez-Benz website.

“It is our understanding the information was entered by customers and interested buyers on dealer and Mercedes-Benz websites between January 1, 2014 and June 19, 2017.”

“No Mercedes-Benz system was compromised as a result of this incident, and at this time, we have no evidence that any Mercedes-Benz files were maliciously misused.”

“Data security is a serious matter for MBUSA. Our vendor confirmed that the issue is corrected and that such an event cannot be replicated.”

“We will continue our investigation to ensure that this situation is properly addressed,”  said Mercedes-Benz in a press release.

Given the lengthy time scale and the number of uses affected, fears of identity theft have been sparked. Information such as social-security numbers are the key to carry out identity theft on unsuspecting victims.

The vendor who notified Mercedez-Benz of the data breach states that the exposed information included:

• Self-reported customer credit scores
• Driver license numbers
• Social Security Numbers (SSNs)
• Credit card numbers
• Dates of Birth

The company also stated in their press release that the information would not have been searchable on or indexed by a typical search engine.

“To view the information, one would need knowledge of special software programs and tools – an Internet search would not return any information contained in these files,” says Mercedes-Benz.

The company is in the process of contacted affected individuals whose data was exposed in the breach.

“Any individual who had credit card information, a driver’s license number or a social security number included in the data will be offered complimentary 24-month subscription to a credit monitoring service. We will also notify the appropriate government agencies,” says the vehicle company.

The full amount of users affected by the breach is not known. Cybersecurity researchers at BleepingComputer have reached out to the company for more details but have yet to get a response.

The Dangers of Identity Theft

Identity Theft can be absolutely devastating for an individual. Usually, in the world of malware, we know certain things can be harmed. Our devices may need to be replaced, we may lose access to accounts for a few days or even forever, we may even need to pay a ransom for access to our data. The point is, with most types of Malware, we can eventually rebuild, though it may take longer than we anticipate. The fallout from identity theft is much longer.

Once your stolen information is used once, it can take anywhere from a few days to six months for that one incident. But your information is out there for a very, very long time. This means you could end up dealing with identity theft for many years, even decades.

Identity Theft has been around for a very long time and predates our modern technology by thousands of years. There have always been individuals that try to impersonate others for their own gain, financial or otherwise. However, the internet’s birth and wide adoption have led to new attack vectors, dwarfing any possible past attempts.

Now more than ever do we have data tied into our personal identity. Email addresses, banking numbers, phone numbers, social security numbers, home addresses – All of these and more form a picture of us as lines in a database.

And when this information falls into the wrong hands, it can do a lot of damage. Bank accounts can be drained, and your credit rating can get rattled; you can end up with medical bills or even a criminal record. The list of potential mishaps that can arise from identity theft is endless.

To hackers, identity theft represents a lucrative stream of income, and they can very easily cover their tracks. After they have seized personal information, they sell it on the dark web. This information can be sold over time, repeatedly, meaning that if you notice your identity has been stolen and used, it can be used in several instances over a long period of years.

There are some guidelines from the US government in discovering if you are a victim of identity theft if it is not immediately obvious:

• You stop receiving your regular bills and credit card statements.
• You receive statements for accounts you never opened.
• Debt collectors start calling you day and night about debts you’ve never heard of.
• The IRS alleges you failed to report income for a company you never worked for.
• You see withdrawals/charges on your bank or credit card statement that you didn’t make.
• You try to file your taxes only to discover that someone else beat you to it.
• You try to file your taxes and find someone claimed your child as a dependent already.
• Your credit report includes lines of credit you never opened.
• Your credit score fluctuates wildly and for no apparent reason.
• The most obvious sign—you receive a notification that you’ve been the victim of a data breach.
• If you are unsure, it is always best to check with the authorities on the US government’s identity theft website.