General Motors Hack Exposes Car Owner Information

Uploaded on 2022-05-27 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Transport & Travel, BUSINESS-Production-Manufacturing

The  US automobile manufacturer General Motors has (GM) confirmed that it suffered from a cyber attack in April that exposed customer information. GM operates an on the web platform that helps owners of Chevrolet, Buick, GMC, and Cadillac automobiles manage their expenses and redeem rewards factors. GM say they detected malicious activity between April 11 and 29 of this and released a data breach notification to its affected customers. 

Personal information belonging to customers exposed in the attack includes first and last names, email and home addresses, usernames, phone numbers, last known location information and profile pictures. 

In addition, the attack allowed hackers to redeem rewards points and gain gift cards. GM says that it will be restoring rewards points for all affected customers.

Other potential details that might have been accessible to the attackers includes car mileage history, emergency contacts, and Wi-Fi hotspot settings. There is no evidence to date that the login information was obtained from GM itself nor that GM credentials were breached previously. 

The credential stuffing attack consisted of threat actors obtaining credentials from a previous data breach and using them to log into another unrelated service. "We are writing to follow-up on our email to you, advising you of a data incident involving the identification of recent redemption of your reward points that appears to be without your authorization," GM said in a data breach announcement sent to affected customers.

GM has advised that the affected customers reset passwords and request credit reports from their banks to ensure that banking information was not impacted and to prevent against identity theft.

OAG.Gov:    Oodaloop:       Infosecurity Magazine:       Bleeping Computer:     Venturecation

You Might Also Read: 

Personal Data Of Two Million Texans Left Exposed For Years:
 

« Responding To An Unintentional HIPAA Violation
Fraud Online & On The Telephone »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Charlton Networks

Charlton Networks

Charlton Networks provide a complete range of IT infrastructure, network and security solutions aimed at SME companies.

DeviceLock

DeviceLock

DeviceLock is a leading provider of endpoint device/port control and data leak prevention software.

360Logica

360Logica

360Logica is a software testing company offering numerous kinds of testing services to improve the quality and performance of your software and IT systems.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Guardea Cyberdefense

Guardea Cyberdefense

Guardea Cyberdefense is an IT services company specializing in the management of security projects, with a pool of skills selected from a network of specialized partners.

Lynxspring

Lynxspring

Lynxspring provides edge-to-enterprise solutions and IoT technology for intelligent buildings, energy management, equipment control and specialty machine-to-machine applications.

SparkCognition

SparkCognition

SparkCognition’s AI-powered solutions enhance cybersecurity, identify and prevent equipment failures before they happen, and provide prescriptive intelligence for maintaining your most critical assets

Slovak Security Policy Institute (SSPI)

Slovak Security Policy Institute (SSPI)

Slovak Security Policy Institute is an independent non-governmental organization that focuses on research and analysis of security challenges including defence and cyber security.

AppTec

AppTec

AppTec is a leading software vendor in the field of Unified Endpoint Management and Mobile Security.

Ioetec

Ioetec

Ioetec's mission is to connect users to their IoT devices securely, ensuring these devices remain safe to use in our increasingly connected world.

IEEE Cyber Science and Technology Congress (CyberSciTech)

IEEE Cyber Science and Technology Congress (CyberSciTech)

CyberSciTech provides a platform for scientists, researchers, and engineers to share their latest ideas and advances in the broad scope of cyber-related science, technology, and application topics.

Navisite

Navisite

Navisite is a combination of eight respected IT consulting and managed service providers that were brought together under the Navisite brand.

WhizHack Technologies

WhizHack Technologies

WhizHack's mission is to not only create a pipeline of cyber security products but also to empower people to sustainable innovation in securing digital assets of tomorrow.

Cyral

Cyral

Easily observe, control, and protect your data endpoints in a cloud and DevOps-first world. Discover Data Mesh Security with Cyral.

Forthright Technology Partners

Forthright Technology Partners

Forthright Technology Partners (Forthright) is a next-generation cloud and managed IT services provider serving a global clientele.

Teal

Teal

Teal provides exceptional managed IT solutions for small- to medium-sized organizations that value real partnerships and elevated security.