Mercedes-Benz inadvertently leaked the private data of some of its customers. The good news is that the number of affected people was alleged to have capped somewhere around one thousand at the time of this writing. But the bad news is that this wasn’t like having your e-mail or phone number getting out there. Contents reportedly included customers’ social security numbers, self-reported credit scores, driver licenses, addresses, and credit card information.
While the odds of you personally being affected remain low, the circumstances in which this took place are becoming increasingly common. Customers and interested buyers entering personal data into company and dealer websites between 2014 and 2017 had their data stored via a cloud storage platform. But it wasn’t as secure as it should be and Mercedes is now blaming the vendor for the security breach and subsequent embarrassment.
Unfortunately, the compensation the manufacturer is willing to offer leaves a lot to be desired and it sounds like there’s more digging to be done before we can definitively anything about the scope of the problem. It’s slightly odd that it would be limited to just a thousand people when the cloud storage platform became a receptacle for consumer data coming in from numerous sources and spanning several years.
Mercedes is offering people who had their data left out in the wind a complimentary two-year subscription to a credit-monitoring service. That could be especially handy if someone uses the breach to steal your identity and rack up a bunch of debt. But it hardly seems like sufficient compensation for someone who had their private information mishandled. For what it’s worth, the company is claiming it has the whole thing handled.
“Data security is a serious matter for MBUSA,” stated the manufacturer in an apologetic release. “Our vendor confirmed that the issue is corrected and that such an event cannot be replicated. We will continue our investigation to ensure that this situation is properly addressed.”
The investigation was initiated to assess the accessibility of approximately 1.6 million unique records. The vast majority of these records included information such as name, address, emails, phone numbers, and some purchased vehicle information. However, MBUSA would like to stress that a review of the total data entry record set determined that less than 1,000 individual Mercedes-Benz customers and interested buyers had additional personal information in a publicly accessible state. Mercedes-Benz USA has already begun notifying individuals, whose additional information was accessible, about this incident. Any individual who had credit card information, a driver’ s license number or a social security number included in the data will be offered complimentary 24-month subscription to a credit monitoring service. We will also notify the appropriate government agencies.
Any individuals who have questions or concerns about this incident should contact the Mercedes-Benz Customer Assistance Center at 1-800-367-6372.
This is the kind of stuff that has me often playing the skeptic when it comes to the automotive industry’s current infatuation with consumer data and cloud-based storage solutions. While dumping information onto the cloud helps it avoid it becoming subject to physical harm (e.g. natural disasters), you’re effectively handing it all over to a third party that can do whatever it likes and making it vulnerable to their screwups. And all the conveniences of being able to access files anywhere do pose a few alternative security risks.
Though we don’t have a sound solution other than recommending you think twice before handing sensitive info over to any organization. Businesses the world over are now heavily reliant on cloud-based storage and keen to hoover up as much data as they can find.