Volkswagen announced today that one of their vendors had a security lapse that exposed 3.3 million drivers’ details after a cache of customer data was left exposed to the public internet.
According to Volkswagen, this data had been collected from 2014 to 2019 and left unprotected between August 2019 and May 2021. Most of the stolen records included names, phone numbers, email addresses and mailing addresses.
However, more than 90,000 people across the US and Canada had more sensitive data exposed, such as driver license numbers, date of births and in some cases, Social Security numbers.
This breach is another example of the difficulty in protecting the data lifecycle. Data within Volkswagen has its own data lifecycle. If Volkswagen had used Dasera, they would have been able to monitor exactly which partners were given sensitive data and asked for assurances from those partners that the data be kept secure and compliant.
To complicate matters -- once the data was copied to the Volkswagen partner, a new data lifecycle was started. By using Dasera, the Volkswagen partner could have automatically tracked which data stores the sensitive data was stored in, whether those data stores were misconfigured, and who had access to those data stores -- and significantly decreased the likelihood of a breach.