Exploit: Unauthorized Database Access
BMW UK: Automobile and Truck Manufacturer, UK Division
Risk to Small Business: 2.203 = Severe
A customer database containing information for BMW owners in the UK was recently discovered for sale by cybersecurity researchers, The database was offered in an underground forum by the KelvinSecurity Group, a well-known hacking group responsible for several major data sales in the last few months. The available information included customer names, emails, addresses, vehicle numbers, dealer names, and other information. The data was purportedly obtained from a corporate call center and includes records from 2016 to 2018. The database is also reported to contain data for some UK customers of other car companies including Mercedes, Honda, and Hyundai.
Individual Risk: 2.616 = Moderate
No financial information or highly sensitive personal data was reported stolen in the breach. BMW owners in the UK should be aware that this information could be used for spear phishing.
Customers Impacted: 500,000
How it Could Affect Your Customers’ Business: One stolen credential can lead to a world of trouble. Data like this is always popular on the Dark Web. While highly coveted information like credit card numbers or other financial data isn’t included in this database, the information that is available could prove useful for bad actors who are looking for ammunition to mount spear phishing and whaling attacks.