According to the car company, the event was detected on March 10, 2021 and a law enforcement investigation was promptly begun into the subject. According to the investigation, a third party obtained access to diverse data collected between 2014 and 2019 and left it exposed “at some point between August 2019 and May 2021,” when the source of the breach was discovered. “On or around May 24, 2021, VWGoA learned the information at issue included more sensitive personal information. “On or about June 7, 2021, VWGoA completed the analysis to establish which specific persons were impacted,” the corporation said to the Maine Attorney General. According to VWGoA, “limited personal information” about customers and potential purchases in the United States and Canada was accessed as part of the incident. A vendor used by Audi, Volkswagen, and authorised dealers exposed the information. Names, email and mailing addresses, and phone numbers are among the information disclosed. Vehicle identification numbers (VINs), make, model, colour, trim packages, and year were all compromised in some cases on purchased or leased automobiles. The tragedy had an impact on more than 3.3 million people. According to VWGoA, “the exposed information comprises primarily of contact and vehicle information linked to Audi customers and interested buyers” for “over 97 percent of the individuals.” The hacked data also includes information on eligibility for a purchase, loan, or lease for around 90,000 Audi customers or those interested in making a purchase. This contains driver’s licence numbers in the vast majority of cases (almost 95 percent). According to VWGoA, “a very tiny proportion of records contain data such as dates of birth, Social Security or social insurance numbers, account or loan numbers, and tax identification numbers.” The organisation has already notified anyone who have been affected by the data leak. The Maine Attorney General’s office received a copy of the letter delivered to customers and potential buyers.
