General Motors Hack Exposes Car Owner Information

The  US automobile manufacturer General Motors has (GM) confirmed that it suffered from a cyber attack in April that exposed customer information. GM operates an on the web platform that helps owners of Chevrolet, Buick, GMC, and Cadillac automobiles manage their expenses and redeem rewards factors. GM say they detected malicious activity between April 11 and 29 of this and released a data breach notification to its affected customers. 

Personal information belonging to customers exposed in the attack includes first and last names, email and home addresses, usernames, phone numbers, last known location information and profile pictures. 

In addition, the attack allowed hackers to redeem rewards points and gain gift cards. GM says that it will be restoring rewards points for all affected customers.

Other potential details that might have been accessible to the attackers includes car mileage history, emergency contacts, and Wi-Fi hotspot settings. There is no evidence to date that the login information was obtained from GM itself nor that GM credentials were breached previously. 

The credential stuffing attack consisted of threat actors obtaining credentials from a previous data breach and using them to log into another unrelated service. "We are writing to follow-up on our email to you, advising you of a data incident involving the identification of recent redemption of your reward points that appears to be without your authorization," GM said in a data breach announcement sent to affected customers.

GM has advised that the affected customers reset passwords and request credit reports from their banks to ensure that banking information was not impacted and to prevent against identity theft.

OAG.Gov:    Oodaloop:       Infosecurity Magazine:       Bleeping Computer:     Venturecation

You Might Also Read: 

Personal Data Of Two Million Texans Left Exposed For Years:
 

« Responding To An Unintentional HIPAA Violation
Fraud Online & On The Telephone »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

WEBINAR: How To Build And Implement An Effective Endpoint Detection And Response Strategy

WEBINAR: How To Build And Implement An Effective Endpoint Detection And Response Strategy

Join this webinar to learn how the cloud threat landscape is evolving and organizations are deploying more advanced and capable security controls at scale.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Fuel Recruitment

Fuel Recruitment

Fuel Recruitment is a specialist recruitment company for the IT, Telecoms, Engineering, Consulting and Marketing industries.

Malware.lu

Malware.lu

Malware.lu is a repository of malware and technical analysis. The goal of the project is to provide samples and technical analysis to security researchers.

Arcitura Education

Arcitura Education

Arcitura is a leading global provider of progressive, vendor-neutral IT training and certification programs.

Acuity Risk Management

Acuity Risk Management

Acuity Risk Management helps businesses worldwide effectively manage, prioritize and report on their risks to inform strategic and tactical decision-making and build long-term resilience.

Aptive Consulting

Aptive Consulting

Aptive is a cyber security consultancy providing Penetration Testing and Vulnerability Assessment services.

Cybint Solutions

Cybint Solutions

Cybint provides customized cyber education and training solutions for Higher Education, Companies and Government.

Sompo International

Sompo International

Sompo International is a global specialty provider of property and casualty insurance and reinsurance services including Cyber & Network Risk.

DataCloak

DataCloak

DataCloak is an innovation company that focus on providing enterprise data-in-motion security solutions based on zero-trust security technology.

Injazat

Injazat

Injazat Data Systems is an industry recognized market leader in the Gulf region for Information Technology, Data Center and Managed Services.

SafeTech Informatics & Consulting

SafeTech Informatics & Consulting

Safetech's OTShield detects, prevents and analyses cyber-attacks in SCADA and Industrial IoT systems by utilising state of the art deception techniques.

BlackDice Cyber

BlackDice Cyber

Threat Intelligence is only part of the solution. Our solution matches threats to vulnerabilities and automatically takes remedial action against compromised apps, devices and websites.

AVANTEC

AVANTEC

AVANTEC is the leading Swiss provider of IT security solutions in the areas of cloud, content, network and endpoint security.

Toothpic

Toothpic

ToothPic has invented, designed, developed and patented a solution to enable companies to turn every smartphone into a secure key for a user-friendly online authentication.

CrossCountry Consulting

CrossCountry Consulting

CrossCountry Consulting is a trusted business advisory firm that provides customized finance, accounting, human capital management, risk, operations and technology consulting services.

Arcserve

Arcserve

Defend your data with Arcserve all-in-one data protection and management solutions designed to be the right fit for your business, regardless of size or complexity.

ATSG

ATSG

ATSG is a global leader in transformational technology solutions for today’s digital enterprise. Cybersecurity ranging from Advisory & Assessment to Fully Managed Detection and Response Services.