A sizable data breach disclosed this month at Volkswagen Group of America involving a third party is a timely warning for an industry that continues to quickly expand its online sales capabilities.
Automakers, retailers and those that supply them with services must realize that bad actors constantly go after critical data. Any assurances provided to customers are only as strong as your weakest link — or most vulnerable vendor. Data security must become everyone's job in this industry.
In the breach that became public June 11, some 3.3 million consumer files were accessed, primarily involving Audi as well as some Volkswagen customers from 2014 to 2019, according to the two brands' U.S. parent company. Luckily, the vast majority of the stolen data was low-level contact information — a bit more detail than what an old-fashioned phone book could provide — and only a small fraction contained more detailed financial information that might cause trouble for consumers.
The automaker reported that hackers had accessed the data in an electronic file that the vendor — Shift Digital, of Birmingham, Mich. — had left unsecured.