American Honda says it has contacted millions of its customers after hackers stole a database containing names, email addresses, and VINs (the Vehicle Identification Number, or unique 17-character ID for your motor vehicle).
The obvious danger is that cybercriminals might use the list to send out emails to Honda customers, designed to trick them into clicking on malicious attachments or links, or fool them into handing over personal information. After all, if the hackers were able to present themselves as Honda, and reassured you that they were genuine by quoting your Vehicle Identification Number, then as a Honda customer you might be very likely to click on a link or open an attachment.
For that reason, Honda has contacted all of the 2.2 million customers it believes may have been affected by the security breach.
According to a report by the Columbus Dispatch, the data was stolen from a third-party company that sent out “Welcome” emails to customers who created accounts with the firm.
A further 2.7 million customers of Honda’s luxury Acura car brand were also exposed when a separate list was taken, although in that case only email addresses are said to have been stolen by hackers.
Nevertheless, the email addresses could be used for sending out spam campaigns, and customers are unlikely to view the data breach sympathetically if they find themselves the target of unwanted email marketing campaigns from spammers and phishers.
Honda has published further information and an FAQ for affected customers on its website.
There’s an important lesson that more companies can learn from cases like this. You don’t just need to ensure that you are taking enough care about the security and protection of the private customer data you store – you also need your partners and third-party vendors to follow equally stringent best practices.
It may not be your company that is directly hacked, but it can still be your customers’ data that ends up exposed, and your brand name that is tarnished.