DataBreaches.net reports that Honda Canada has notified about 280,000 customers of a data breach. Their personal data has been compromised. The breach was discovered in March, but the company only began notifying customers earlier this month.
An undated alert posted on the company’s Web site said the customer names, addresses, vehicle identification numbers, and a small number of Honda Financial Services account numbers were accessed without authorization. The Executive VP of Honda Canada said the reason for the delay in notification was due to the company needing time to figure out the scope of the breach. Attackers breached a web server that allows customers in Canada to set up customized “MyHonda” and “MyAcura” web sites. Data from these personal sites is what appears to have been illegally accessed.
Honda’s IT staff discovered the breach while looking into unusual activity on the web server hosting the MyHonda and MyAcura sites. The system was immediately taken offline while the cause and scope of the breach was investigated.
Honda suspects that the data that was exposed is unlikely to result in identity theft because it did not include details such as Social Insurance Numbers, driver’s license information, birth dates, phone numbers or credit card numbers. The note on the web site warned affected customers to be on the lookout for phishing campaigns referencing their Honda vehicle ownership.
Honda has “taken several steps” to ensure such an incident doesn’t happen again. What those steps are remains unknown at this time.