Honda hack: Millions of customers' email addresses stolen


American Honda says it has contacted millions of its customers after hackers stole a database containing names, email addresses, and VINs (the Vehicle Identification Number, or unique 17-character ID for your motor vehicle).

The obvious danger is that cybercriminals might use the list to send out emails to Honda customers, designed to trick them into clicking on malicious attachments or links, or fool them into handing over personal information. After all, if the hackers were able to present themselves as Honda, and reassured you that they were genuine by quoting your Vehicle Identification Number, then as a Honda customer you might be very likely to click on a link or open an attachment.

For that reason, Honda has contacted all of the 2.2 million customers it believes may have been affected by the security breach.

According to a report by the Columbus Dispatch, the data was stolen from a third-party company who sent out "Welcome" emails to customers who created accounts with the firm.

A further 2.7 million customers of Honda's luxury Acura car brand were also exposed by hackers from a separate list, although in that case only email addresses are said to have been stolen by hackers.

Nevertheless, the email addresses could be used for sending out spam campaigns and customers are unlikely to view the data breach sympathetically if they find themselves the target of unwanted email marketing campaigns from spammers and phishers.

Honda has published further information and an FAQ for affected customers on its website.

There's an important lesson that more companies can learn from cases like this. You don't just need to ensure that you are taking enough care about the security and protection of the private customer data you store - you also need your partners and third-party vendors to follow equally stringent best practices.

It may not be your company who is directly hacked, but it can still be your customers' data that ends up exposed, and your brand name that is tarnished.


4 Responses to Honda hack: Millions of customers' email addresses stolen

  1. karen · 1742 days ago

    We own a Honda. According to the email we got, "American Honda Motor Co., Inc. recently became aware of unauthorized access to an email list used by a vendor of customers who receive special offers and newsletters from Acura. We want to assure you that the only information that was obtained was your email address."

    So according to Honda, there's NO mention of the VIN being revealed or anything other than our email. Want to bet which version is accurate? I just hope they didn't also reveal social security numbers or more!

    Full disclosure, Honda!

  2. Greg · 1741 days ago

    who is next on the hack list? anyone left?

  3. W. Anderson · 1739 days ago

    Why does the technology and general media refuse to name
    the company from which Honda data files were hacked, or the
    software technology used by said company so that other businesses
    in USA can avoid using this company or any other identified as
    using poor or weak security tools on behalf of their clients.
    Somehow I suspect that the media may have been intimidated about
    releasing names, which is a sad tactic of Microsoft in the past
    about revealing how insecure its software is in computer
    breaches. Witness 7-Eleven and TJMax debacles.

  4. Nevertheless, the contact information could be used for delivering out junk strategies and clients are unlikely to view the data violation sympathetically if they find themselves the focus on of undesirable marketing via e-mail from spammers and phishers.


About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley