Volkswagen says the information of more than 3.3 million customers was disclosed after one of its vendors left an unsecured cache of customer data on the Internet.
The automaker said in a letter that the seller, used by Volkswagen, its subsidiary Audi, and authorized dealerships in the US and Canada, left customer data unprotected from 2014 to 2019 over a two-year period between August 2019 and May 2021 have.
According to Volkswagen, the data collected for sales and marketing contained personal data from customers and prospective buyers, including name, postal and e-mail address and telephone number.
However, more than 90,000 customers in the United States and Canada have disclosed more sensitive information, including credit information. The letter said that most of the sensitive information was driver’s license numbers, but a “small” number of records also included a customer’s date of birth and social security numbers.
Volkswagen did not name the seller, …