GM Discloses Data Breach of Cars’ Locations, Mileage, Service

General Motors suffered a hack that exposed a significant amount of sensitive personal information on car owners—names, addresses, phone numbers, locations, car mileage, and maintenance history.

The Detroit-based automaker revealed details of the incident in a breach disclosure filed with the California Attorney General’s Office on May 16. The disclosure explains that malicious login activity was detected on an unspecified number of GM online user accounts between April 11 and 29. Further investigation revealed that the company had been hit with a credential stuffing attack, which saw hackers infiltrate user accounts to steal customer reward points, which they then redeemed for gift cards

[…]

In addition to the reward points theft, the incident also exposed a significant amount of user information. GM’s breach notification lays out a full list of the information that may have been compromised by the hackers:

  • first and last name
  • personal email address
  • home address
  • username
  • phone number
  • last known and saved favorite location
  • OnStar package (if applicable)
  • family members’ avatars and photos
  • profile picture
  • search and destination information
  • reward card activity
  • fraudulently redeemed reward points

[…]

Source: GM Discloses Data Breach of Cars’ Locations, Mileage, Service

Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft