Mercedes-Benz USA Exposes Personal Data of 1.6 Million Customers

On June 24th, luxury car brand Mercedes-Benz USA joins the growing list of companies who have fallen victim to yet another data breach. This announcement comes the latest in a line of high-profile data leaks across the automotive industry, exposing how vulnerable customer personal information can be without a vigilant and proactive security solution in place to protect sensitive data at every turn. 

According to Mercedes-Benz USA, up to 1.6 million customers were affected, but fewer than 1,000 customers had more of their personal information exposed, such as dates of birth, social security, driver’s license and phone numbers, all of which make identity theft a very real and grave possibility. 

This information was stored on a third-party vendor’s cloud storage platform and was “inadvertently made accessible.” Though an “internet search would not return any information contained in these files,” Mercedes-Benz reported that “one would need knowledge of special software programs and tools” to access the data. 

This data breach is another example of how vulnerable data becomes as it travels throughout its many lifecycle stages from creation to misuse to archival. While the details of the breach aren’t fully available, we can infer that sensitive data was stored in a cloud data store like an AWS S3 bucket, and the bucket was misconfigured and left open to the public. It’s important for companies to implement comprehensive data security measures across their own infrastructure (and their vendor’s) that include regular scans of data store misconfigurations. 

With Dasera, companies can not only automatically scan for misconfigured data stores they can also protect their entire data lifecycle and secure their sensitive data from cradle to grave. 

 

Author

Tu Phan