Honda Canada Inc. has announced it was the victim of an attack in March that exposed the records of over 283,000 car owners, potentially putting them at risk of targeted scams.
Data such as the owners’ names, addresses and even their Vehicle Identification Numbers (VINs) were leaked when attackers compromised records on the company’s servers earlier this year, according to a letter distributed to car owners this month. Officials at Honda said they detected the breach after noticing “an unusual volume of usage in the myHonda and myAcura websites.” The stolen information was linked to a series of customer mailings from 2009 promoting the sites.
While sensitive data like birth dates, telephone and social security numbers weren’t leaked, “in a small number of cases,” customers’ Honda Financial Services account numbers were, according to a statement on the company’s site. That information could lead to an increase in spam and social engineering scams customized for Honda owners.
The Toronto Star reported that a class action lawsuit, seeking $200 million in damages against Honda was filed by law firm Flaherty Dow Elliott & McCarthy in Oshawa, Ontario on Friday. The suit calls out the Japanese-based car manufacturer for their poor security but also cites the two month gap between the breach and the company’s announcement.
Honda claims the delay between the breach and their notification was necessary to fully gauge the gravity of the situation, according to a Canadian Business Online report.
The breach has a certain déjà vu about it for Honda after its American counterpart, American Honda Motor Company, had to notify 4.9 million customers at the tail-end of 2010 that a company that handles its data was hacked. This breach, much like March’s, lead to the breach of email addresses and VINs.