A memo to Volkswagen Group of America sellers obtained by Automotive Information recognized a vendor concerned in a knowledge breach impacting greater than 3.3 million prospects and potential patrons, primarily at Audi.
 
Within the e mail despatched Thursday, Audi of America President Daniel Weissland recognized the seller as Shift Digital, which is “utilized by Audi, Volkswagen, and a few approved sellers in the USA and Canada.” Two sellers with information of the scenario verified the seller’s identification with Automotive Information.

A number of messages in search of remark have been despatched Friday to Shift Digital, of Birmingham, Mich., however weren’t instantly returned. Spokespeople for the Audi and Volkswagen manufacturers declined additional remark past an announcement the automaker launched earlier within the day, which didn’t publicly identify the seller.

The data, gathered for gross sales and advertising between 2014 and 2019, was in an digital file the seller left unsecured, VW of America stated in its assertion. In accordance with Reuters, the automaker advised regulators the overwhelming majority of consumers had solely cellphone numbers and e mail addresses probably compromised. In some circumstances, knowledge additionally included details about a car bought, leased or inquired about.

Nevertheless, VW of America stated, 90,000 Audi prospects and potential patrons had delicate knowledge impacted referring to buy or lease eligibility. The automaker stated it should supply free credit score safety companies to these people. This knowledge comprised driver’s license numbers in additional than 95 p.c of circumstances. A small variety of information included extra knowledge corresponding to dates of beginning, Social Safety numbers and account numbers.

In his e mail, Weissland stated: “We consider the info was obtained when the seller left digital knowledge unsecured in some unspecified time in the future between August 2019 and Could 2021, once we recognized the supply of the incident.” He additionally advised sellers that the breached data “doesn’t have an effect on all sellers, however will have an effect on most, if not all, sellers that use the Enterprise Lead Administration (ELM) program provided by Shift Digital.”

The automaker stated it doesn’t consider delicate data is concerned in Canada, the place 163,000 prospects have been impacted.

Greater than 3.1 million individuals affected are within the U.S. Reuters reported the story earlier Friday.

Lindsay VanHulle and Reuters contributed to this report.

We just lately found that an unauthorized third social gathering obtained restricted private data acquired from or about prospects and patrons from a vendor that Audi, Volkswagen and a few approved sellers in the USA and Canada use for digital gross sales and advertising actions. The data was gathered for these functions between 2014 and 2019 and was in an digital file that the seller left unsecured.
 
We’re notifying all affected people immediately, no matter whether or not we’re required to take action by regulation, and can supply free credit score safety companies to roughly 90,000 people for whom delicate data was concerned.  
 
We take knowledge safety very significantly and are dedicated to safeguarding private data. We now have additionally knowledgeable the suitable authorities, together with regulation enforcement and regulators, and are working with exterior cybersecurity consultants and the seller to evaluate and reply to this case.  
 
Based mostly on our evaluation up to now, we consider that the overwhelming majority of the knowledge pertains to Audi prospects and patrons in the USA. At the moment, the breakdown is as follows:
 
•    Delicate Info Referring to Eligibility for a Buy, Mortgage, or Lease
 
o    Info referring to roughly 90,000 Audi prospects or patrons in the USA.
o    This delicate knowledge was comprised of driver’s license numbers in additional than 95% of circumstances. A really small variety of information included extra knowledge, corresponding to dates of beginning, Social Safety numbers and account numbers.
o    To our information, no delicate data (as described above) is concerned in Canada.  
 
•     Contact Info Obtained from or about Prospects or Patrons
 
o    Info referring to roughly 3.1 million Audi prospects or patrons in the USA and roughly 163,000 in Canada.
o    Info referring to roughly 3,300 Volkswagen prospects and patrons in the USA.  
o    This data comprised knowledge corresponding to names, mailing addresses, e mail addresses or cellphone numbers and, in some circumstances, car knowledge corresponding to VINs and car options.   
 
We remorse any inconvenience this will likely trigger our present or potential prospects. As at all times, we suggest that people stay alert for suspicious emails or different communications that may ask them to offer details about themselves or their car.