In August 2024, a threat actor known as @888 claimed to have breached BMW Hong Kong’s database, resulting in the exposure of 14,057 rows of customer data. This breach allegedly contains more information than a previous leak from the same entity. The compromised data announcedly includes vehicle makes, chassis numbers, registration details, customer names, contact information, and marketing preferences.
Key Details of the Breach:
The leaked data is said to include various customer-related details:
- Vehicle Information: Make, chassis, registration number, and model series.
- Personal Details: Vehicle owner’s account, salutation, first and last names, and whether they are corporate customers.
- Contact Preferences: Opt-out options for calls and SMS.
The actor has provided samples of the data, and though the claims are not yet verified, this incident underscores the critical need for robust cybersecurity measures, especially for companies handling sensitive customer information. BMW Hong Kong, part of the global automotive giant with a revenue of $168.4 billion, now faces serious questions about its data security practices.