Honda US cops to vast data snaffle from marketing firm
What comes of trusting PRs
Posted in Crime, 31st December 2010 13:29 GMT
Free whitepaper – Ensuring service assurance in the new normal
Honda US has written to customers following a data breach that led to the exposure of million of customer records.
Hackers made off with a database containing names, email addresses, and Vehicle Identification Numbers (the unique ID for cars) of 2.2 million Honda customers following an attack on an unnamed third-party marketing outfit. The breach creates a mechanism for miscreants to distribute convincing phishing emails, perhaps posing as "special offers", and designed to hoodwink victims into disclosing more sensitive private information.
Honda has contacted affected customers to warn them of the risk, as well as publishing an FAQ on the breach. Criminal hackers also swiped a list containing email address records of 2.7 million drivers of Honda's luxury Acura car. Vehicle information was not attached to that list, a factor that means it only poses a lesser risk, mainly from the possibility of increased spamming against exposed email accounts.
Net security firm Sophos notes that the incident illustrates how the security reputation of household brands can be damaged by security faux-pas from its partners. "It may not be your company who is directly hacked, but it can still be your customers' data that ends up exposed, and your brand name that is tarnished," Sophos notes.
"You don't just need to ensure that you are taking enough care about the security and protection of the private customer data you store - you also need your partners and third-party vendors to follow equally stringent best practices." ®
Risk and Resilience
The Register Guide to managing spam
The Impact of IT Security Attitudes
The Register Green Computing Report
The Evolving Security Landscape
