Honda Canada loses 283,000+ records, now faces lawsuit

Filed Under: Data loss, Privacy, Vulnerability

Honda Canada disclosed the loss of more than 283,000 records this week. Letters mailed to affected customers explained that the information was stolen in March when hackers broke into the myHonda and myAcura websites.

Honda Canada data breach letter

Honda waited over two months to notify its customers, claiming it needed to assess the gravity of the situation and determine exactly what data may have been stolen. While it is important to determine the facts, Honda appears to have been less forthright than they claim.

The letter mailed to Honda customers stated:

"The incident involved the possible improper access of information, as held in our records in 2009, specifically your name, address and Vehicle Identification Number."

A few days later they then appended the statement on their website to say:

"and in a small number of cases, Honda Financial Services ("HFS") account numbers."

myHonda portalThe Toronto Star reports that this has triggered a class action lawsuit on behalf of affected customers. The lawyers are suing for $200 million in damages for failure to protect personal and confidential information and failure to notify customers in "a reasonable amount of time."

Similar to one of the Sony attacks, it is being reported that the data was left behind after a mailing campaign in 2009 and not properly deleted. Honda Canada should have been on high alert after a very similar incident at Honda USA.

Honda Canada customers should watch carefully for fraud or contact from parties claiming to be related to Honda or Honda Finance. Fortunately, most of the information that was compromised is public knowledge and did not include birth dates, Social Insurance Numbers or other confidential information.

Has your organization taken the appropriate steps to secure your customers' data? A little encryption can go a long way in protecting you from a data loss incident and as we see here, even lawsuits.

If you would like to learn more about data protection and the types of threats that can compromise your organization, why not download our free Data Security Toolkit?

, , , , , ,

You might like

2 Responses to Honda Canada loses 283,000+ records, now faces lawsuit

  1. Everyone was outraged because Sony waited two weeks. It's hard to believe Honda could wait two months to disclose this. LastPass was a model citizen when they almost foolishly disclosed an Anomaly. Purely looking at blog comments, LastPass' fast and prudent actions seem to have helped them more than hurt them. I thought big companies like Sony and Honda paid people to keep their finger on the pulse of the online community. Is anyone listening?

  2. Saj · 1235 days ago

    Who do i call to be apart of the lawsuit? or am i automatically in?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.