Audi and Volkswagen are alerting about 3.3 million people — including interested buyers — that they may have been affected by a security data breach. The data was held by a third party vendor, and had been collected for potential sales and marketing.
The breach was first discovered on March 10, 2021, said Audi and Volkswagen, and included a range of details including some or all of people's names, their email addresses and phone numbers — and also, in some cases, the car they bought including the Vehicle Identification Number or VIN.
There are 90,000 people who had even more details taken, as they may have handed those over when they bought the car, or applied for a loan or lease. In most of these cases, that included the breach of their driver's license number. But for a few others, their birth date, Social Security number and also their date of birth among other details, were involved.
The breach, the companies believe, took place at some point between August 2019 and May 2021, when data was left unsecured and uninvolved details that were collected by Audi, Volkswagen and some authorized dealers in both the U.S. and Canada. People who had interacted with the companies between 2014 and 2019 are thought to be potentially affected.
In Canada, the companies believe only about 163,000 people and their data are involved, with the bulk of the customers and potential buyers coming from the U.S.
Audi of America is sending out a letter or an email to those it believes have been affected, to offer credit monitoring for up to two years, plus also ID Theft Insurance of up to $1 million, as well as access to a service called CyberScan which alerts people as to whether their personal data is being traded or sold on online spaces.
The company is also extending the services to legal representatives of people who have died, but may have been swept up in the breach as well.
Bitdefender Total Security - 5 Devices | 1 year Subscription | PC/Mac | Activation Code by email