Honda breach exposes over 283,000 customer records
Honda Canada has confirmed that it was the victim of an attack on its servers in March of this year. In letters sent out to customers, dated 13 May – two months after the data breach took place – the company said that it "discovered an unusual volume of usage in the myHonda and myAcura websites including some unauthorised attempts to access account information".
According to security specialist Sophos, attackers gained access to a total of more than 283,000 customer records on the company's sites. Information obtained during the data leak included customer names, addresses and Vehicle Identification Numbers (VINs). Other details, such as dates of birth, email addresses, telephone numbers and social security numbers, were not exposed. However, as noted by Sophos, an updated statement on Honda's web site says that, "in a small number of cases, Honda Financial Services ("HFS") account numbers" were also exposed.
Honda Canada says that it has "notified the Canadian federal and all applicable provincial privacy commissioners' offices" of the situation. A class action lawsuit against Honda Canada for the breach has already been launched on behalf of affected customers.