Category Archives: Blog

The Volkswagen Group of America (VWGoA), a subsidiary of the German Volkswagen Group, recently disclosed a large scale data breach that exposed the personal data of more than three million VW customers.

The incident came about because between August of 2019 and May of 2021, one of VWGoA’s vendors left unsecured data exposed on the internet.

The company was notified by the vendor that an unauthorized person or persons had accessed the unsecured data and may have obtained customer information for people who had purchased an Audi or Volkswagen during that time, in addition to exposing some details on the dealerships where the vehicles were purchased. A forensic analysis revealed that information belonging to 3.3 million customers was exposed, and that 97 percent of those records related to customers of Audi vehicles or interested buyers.

The information in the vulnerable database varies widely from one customer to the next, but generally includes full names, email addresses and phone numbers, and more than 95 percent of the compromised records also included driver’s license numbers.

A small number of exposed customer records, numbering approximately 90,000, also contained social security numbers. For those customers, VWGoA is offering one year of free credit protection and monitoring, and a $1 million insurance policy that protects against identity theft.

VWGoA has also begun the process of notifying all impacted customers. So if you purchased a BMW or Audi during the time frame mentioned above, or if you expressed an interest in doing so, you may be contacted by Vokswagen.

Unfortunately, the database was left exposed for an extended period of time, and there’s no telling how many bad actors may have gained access to it. Right now, security professionals are monitoring the Dark Web in case the data begins appearing there. So far, it has not, but that could happen at any time.

McDonalds is the latest major corporation to fall victim to a hacking attack. The fast-food giant does business in more than 100 countries and has nearly 40,000 locations globally with more than 14,000 in the United States alone. Recently, they disclosed that hackers found a way into their network and stole information belonging to both employees and customers in the US, South Korea and Taiwan.

If there’s a silver lining in the disclosure, it lies in the fact that McDonalds was able to confirm that no payment information was stolen. Nonetheless, the hackers were able to abscond with a raft of personal information including email addresses, phone numbers, physical addresses and the full names of an as yet undetermined number of customers and employees.

As part of their disclosure, the company said that they were working with law enforcement and a outside internet security vendor to conclude the investigation. They included that they were in the process of contacting any customer whose information was compromised by the breach.

So far, their handling of the aftermath of the hack has been exemplary, though that’s at least in part because they’ve had their share of practice. Back in 2017, the company suffered an attack that revealed a cross-site scripting vulnerability that left customer passwords exposed and stored as plain text.

If you live in the US, Korea or Taiwan and are a regular McDonalds customer and have created a login on the company’s site or have downloaded the McDonalds app, you may be getting a letter from the company explaining that the information you shared with the company was compromised. The letter should outline the company’s next planned steps. Even if you don’t get a communication from them, your best bet is to change your McDonalds or app password right away.