By on June 25, 2021

Mercedes-Benz inadvertently leaked the private data of some of its customers. The good news is that the number of affected people was alleged to have capped somewhere around one thousand at the time of this writing. But the bad news is that this wasn’t like having your e-mail or phone number get out there. Contents reportedly included customers’ social security numbers, self-reported credit scores, driver licenses, addresses, and credit card information.

While the odds of you personally being affected remain low, the circumstances in which this took place are becoming increasingly common. Customers and interested buyers entering personal data into company and dealer websites between 2014 and 2017 had their data stored via a cloud storage platform. But it wasn’t as secure as it should be and Mercedes is now blaming the vendor for the security breach and subsequent embarrassment. 

Unfortunately, the compensation the manufacturer is willing to offer leaves a lot to be desired and it sounds like there’s more digging to be done before we can definitively say anything about the scope of the problem. It’s slightly odd that it would be limited to just a thousand people when the cloud storage platform became a receptacle for consumer data coming in from numerous sources and spanning several years.

Mercedes is offering people who had their data left out in the wind a complimentary two-year subscription to a credit-monitoring service. That could be especially handy if someone uses the breach to steal your identity and rack up a bunch of debt. But it hardly seems like sufficient compensation for someone who had their private information mishandled. For what it’s worth, the company is claiming it has the whole thing handled.

“Data security is a serious matter for MBUSA,” stated the manufacturer in an apologetic release. “Our vendor confirmed that the issue is corrected and that such an event cannot be replicated. We will continue our investigation to ensure that this situation is properly addressed.”

From Mercedes:

The investigation was initiated to assess the accessibility of approximately 1.6 million unique records. The vast majority of these records included information such as name, address, emails, phone numbers, and some purchased vehicle information. However, MBUSA would like to stress that a review of the total data entry record set determined that less than 1,000 individual Mercedes-Benz customers and interested buyers had additional personal information in a publicly accessible state. Mercedes-Benz USA has already begun notifying individuals, whose additional information was accessible, about this incident. Any individual who had credit card information, a driver’s license number or a social security number included in the data will be offered a complimentary 24-month subscription to a credit monitoring service. We will also notify the appropriate government agencies.

Any individuals who have questions or concerns about this incident should contact the Mercedes-Benz Customer Assistance Center at 1-800-367-6372.

This is the kind of stuff that has me often playing the skeptic when it comes to the automotive industry’s current infatuation with consumer data and cloud-based storage solutions. While dumping information onto the cloud helps it avoid becoming subject to physical harm (e.g. natural disasters), you’re effectively handing it all over to a third party that can do whatever it likes and making it vulnerable to their screwups. And all the conveniences of being able to access files anywhere do pose a few alternative security risks.

Though we don’t have a sound solution other than recommending you think twice before handing sensitive info over to any organization. Businesses the world over are now heavily reliant on cloud-based storage and keen to hoover up as much data as they can find.

[Image: Franz12/Shutterstock]


14 Comments on “Mercedes-Benz Accidentally Shares Consumer Data...”

  • SCE to AUX

    It makes sense that this type of service is outsourced, but I wonder how well MB or its customers were contractually protected against mistakes like this. Perhaps nobody performed routine security tests on it, or maybe MB didn’t even know what questions to ask.

    MB: “Is this thing secure?”
    Data vendor: “Yep, sure is”
    MB: “OK, cool”

    MB: “Data security is a serious matter for MBUSA”

    I’m not throwing MB under the bus; such breaches seem like part of the daily news in our lives. Providing personal information during a transaction is nearly unavoidable, even if you paid cash. I mean, they still need to know where you live.

  • avatar

    2-years of credit monitoring lame.

    Remember when there was the TransUnion credit breach? I think they offered 2 years of credit monitoring or $50. EVERYONE took the 50 and they ran out of cash.

  • avatar

    But I thought the cloud was safe? /s

    • 0 avatar

      It’s as safe as anything easily accessible 24/365. An AWS data center sure beats the heck out of some dealer’s laptop left at Starbucks.

      If there’s some thing you insist on being 100% certain won’t fall into the “wrong” hands, you’re left with the sole option of committing it only, solely to memory. And then, once you have made sure it doesn’t exist anywhere outside of your own memory, shooting yourself in the head. As far as I know, even the Israelis don’t claim to be able to recover useful information from blown out grey matter.

      For everything else, once you hand it over to a website, it’s out there. Get used to it.

    • 0 avatar

      Don’t get me started…

      The more customers they get, the bigger the target they are.

      The more customers they get, the bigger the breach.

      The more customers they get, the more interface points (potential breach points) there are.

      They put tons of effort into security, but it will never be enough.

  • schmitt trigger

    Welcome to the New World Order.

    Of course, I am joking.
    But only a little.

  • avatar

    “Data security is a serious matter for MBUSA,” – obviously – NOT

    “Our vendor confirmed that the issue is corrected..” – you mean Mumbai trunk-slamming IT force?

    This is why I write the check and forget it.

  • avatar

    The focus on “cloud” is a bit misplaced here. This data is going to be on networked servers whether those servers belong to MB or someone else. In either case MB is responsible for making sure it’s secure, and they failed.

    Any breach of SSNs is very, very bad.

  • avatar

    So that’s where Katherine Archuleta went after she left OPM.

  • avatar

    Mercedes used to be the epitome of quality, understated luxury, class, comfort, engineering and durability.
    All the guys that worked there when that was the case have retired years ago. The new crew is entirely different. Only the name is the same. Its cachet is gone; buying a Mercedes now means you are overpaying for something that is being underdelivered.
