Excerpt from The Cyber Express Article, Published on July 26, 2024
In a significant blow to data privacy, BMW has reported a major data breach affecting approximately 14,000 customers in Hong Kong. The BMW data breach, first flagged to the Office of the Privacy Commissioner for Personal Data on July 18, 2024, has raised serious concerns and sparked an investigation by local privacy authorities.
On Thursday, BMW Concessionaires (HK), the exclusive distributor of BMW vehicles in Hong Kong, revealed that sensitive information, including names, mobile numbers, and SMS opt-out preferences, was exposed. The compromised data was managed by third-party contractor Sanuker, which alerted both the police and the privacy watchdog about the BMW data leak.
Cybersecurity expert Michael Gazeley criticized BMW for its lack of direct communication with affected customers, highlighting potential consequences for fraud and scams based on the exposed data. The Office of the Privacy Commissioner for Personal Data is investigating the incident but has not yet received formal complaints.
This breach is part of a concerning history of BMW cyberattacks. Earlier in February 2024, a security lapse exposed sensitive internal information due to a misconfigured cloud storage server on Microsoft Azure. Security researcher Can Yoleri discovered the exposed data, which included access credentials for BMW’s cloud services.
Adding to the alarm, the hacker group 888 claimed responsibility for the data leak, making the stolen data publicly available on July 15, 2024. This included salutations, surnames, first names, mobile numbers, and SMS opt-out preferences of BMW customers in Hong Kong.
BMW has stated it is taking the privacy of its customers very seriously and has committed to enhancing its data security measures to prevent future incidents. The company continues to bolster its systems’ security to protect customer data from unauthorized access.
To delve deeper into this topic, please read the full article on The Cyber Express.
