Update: Honda Canada breach exposed data on 280,000 individuals
Company says ID theft unlikely because no SSNs, driver license details, birth dates, or bank details were compromised
Computerworld - Honda Canada has notified about 280,000 customers in that country of a data breach involving the compromise of their personal data.
The breach was discovered in late February. However the company only began notifying customers of the compromise earlier this month.
An undated alert posted on the company's website said the incident involved the unauthorized access of customer names, addresses, vehicle identification numbers and, in the case of a small number of customers, their Honda Financial Services account numbers.
Jerry Chenkin, executive vice president of Honda Canada, said Thursday the reason for the delay was that the company needed time to figure out the scope of the breach before it could begin notifying customers.
According to Chenkin, unknown intruders breached a Web server that allows Honda and Acura customers in Canada to set up personal MyHonda and MyAcura websites.
Honda had contacted about 280,000 customers via a mail campaign in 2009 asking them to register their personal websites. As part of that campaign, Honda had pre-populated each personal Web page with details about the owner and his or her vehicles. Data from these personal sites is what appears to have been illegally accessed, Chenkin said.
Honda's IT staff discovered the breach when they were investigating the cause of unusual activity in the Web server hosting the MyHonda and MyAcura sites, he said.
Once the breach was discovered, the system was immediately taken offline while the cause and scope of the breach was identified, Chenkin said.
The data that was exposed is unlikely to result in identity theft because it did not include details such as Social Security numbers, driver's license information, birth dates, phone numbers or credit card numbers, Honda said in its notice.
The note warned affected customers to be on the lookout for phishing campaigns referencing their ownership of a Honda vehicle. But for the moment, customers do not have to take any measures to protect themselves, the company said.
News of the breach was first reported by < target="new" href=" http://www.databreaches.net/?p=18413">DataBreaches.net. An unnamed reader quoted in the DataBreaches report claimed to have received Honda's notification letter on May 13. "It appears that even if you didn't create an account on their web sites, if they mailed you about upcoming specials in 2009, your data were involved," the blog noted.
Chenkin said Honda has taken several steps to ensure that such an incident doesn't happen again. He did not elaborate.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Threat Landscape Hardly a day goes by without the discovery of a new cyberthreat somewhere in the world! But how do you keep up with...
- Security for Virtualization In the rush to implement virtualization, security has become second. So while the business benefits are clear, the risks are less well documented...
- How 10GbE Network is the Backbone of the Virtual Data Center The shift to a virtual data center has put tremendous strain on legacy networks; driving the need for more speed, lower latency, more...
- Accelerating Network Convergence in Virtualized and Cloud Data Centers Adopting a converged networking strategy enables organizations to traffic server and storage I/O workloads on consolidated data throughput channels. Intelligent software helps optimize...
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Malware and Vulnerabilities White Papers | Webcasts