1.6 million hit in possible Mercedes-Benz data breach — what you need to know

Mercedes-Benz USA yesterday (June 24) disclosed a data leak on the part of a third-party vendor that exposed the personal information of up to 1.6 million prospective and actual customers, including names, street addresses, email addresses and phone numbers.

In addition, said Mercedes-Benz USA, "less than 1,000" people had very sensitive personal information — such as "driver's license numbers, Social Security numbers, credit-card information and dates of birth" — exposed. Mercedes-Benz said it would provide free credit monitoring and identity-theft protection to those individuals.

If the data was indeed stolen (there's no evidence yet that it was), then those 1,000 or so individuals are at elevated risk of identity theft. A full name, street address, date of birth and Social Security number are often all you need to open accounts in someone else's name. 

Anyone told by Mercedes-Benz USA that their very sensitive information was exposed should consider accepting the credit-monitoring offer, though be sure to read the fine print, as signing on may limit your options for legal action in the future. Alternatively, you might want to consider paying for one of our best identity theft protection services.

You should also notify one of the Big Three credit-reporting agencies to place a fraud alert on your credit file, and that agency will notify the other two of the Big Three. You may want to consider instituting a credit freeze as well, though that can have some unexpected side effects. Here are instructions on how to place a fraud alert and credit freeze.

Mercedes-Benz USA said it was told by the unnamed vendor on June 11, as "part of an ongoing investigation" into an "issue ... uncovered through the dedicated work of an external security researcher," that the data "was inadvertently made accessible on a cloud storage platform." 

This just happened to Volkswagen too

On that same day, June 11, Volkswagen of America disclosed that it too had had the personal data of 3.3 million prospective and actual Audi customers exposed on an unnamed third-party vendor's database. Some of the Audi data later showed up for sale in an online cybercrime marketplace. 

The timing of and striking similarities between the two incidents involving the North American branches of German luxury carmakers may be only coincidental.

For the moment, it's not clear whether any of the Mercedes-Benz data was stolen from the database before its unprotected state was discovered and fixed. 

"We have no evidence that any Mercedes-Benz files were maliciously misused," the company said. "No Mercedes-Benz system was compromised as a result of this incident."

The company said that anyone trying to view the exposed data "would need knowledge of special software programs and tools" and that "an internet search would not return any information contained in these files."

The data was entered into Mercedes-Benz USA dealer and company websites by customers and prospective buyers between Jan. 1, 2014 and June 19, 2017, the company said.

If you have concerns, you can call Mercedes-Benz USA at (800) 367-6372.

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.
