Sensitive personal information of Mercedes-Benz customers and would-be customers in the US from around six years ago has been made accessible on a cloud storage platform.

“At this time, we have no evidence that any Mercedes-Benz files were maliciously misused,” the German car and truck manufacturer said.

The information concerned is mainly self-reported credit scores and, in a very small number of cases, driver license numbers, social security numbers, credit card information and dates of birth, it added.

“To view the information, one would need knowledge of special software programs and tools: an internet search would not return any information contained in these files,” the company said.

The breach – which happened accidently – came to light mid-June when a vendor informed the company that data of less than 1,000 customers and potential customers was available on the cloud storage platform.

The information leak was uncovered through the dedicated work of an external security researcher, Mercedes-Benz USA said.

“It is our understanding the information was entered by customers and interested buyers on dealer and Mercedes-Benz websites between 1 January 2014 and 19 June 2017. No Mercedes-Benz system was compromised as a result of this incident,” the company added. 

“Our vendor confirmed that the issue is corrected and that such an event cannot be replicated. We will continue our investigation to ensure that this situation is properly addressed,” added Mercedes-Benz USA, which said it viewed data security as a serious matter.

The company is notifying potentially affected individuals who will be offered a complimentary 24-month subscription to a credit monitoring service should their personal information have leaked.

Mercedes-Benz USA’s investigation with the vendor continues and the company said it will also notify government agencies.


Missed PrivSec Global’s livestream experience? No problem, simply click here to access the sessions on demand.