Update: Honda Canada breach exposed data on 280,000 individuals
Company says ID theft unlikely because no SSNs, driver license details, birth dates, or bank details were compromised
Computerworld - Honda Canada has notified about 280,000 customers in that country of a data breach involving the compromise of their personal data.
The breach was discovered in late February. However the company only began notifying customers of the compromise earlier this month.
An undated alert posted on the company's website said the incident involved the unauthorized access of customer names, addresses, vehicle identification numbers and, in the case of a small number of customers, their Honda Financial Services account numbers.
Jerry Chenkin, executive vice president of Honda Canada, said Thursday the reason for the delay was that the company needed time to figure out the scope of the breach before it could begin notifying customers.
According to Chenkin, unknown intruders breached a Web server that allows Honda and Acura customers in Canada to set up personal MyHonda and MyAcura websites.
Honda had contacted about 280,000 customers via a mail campaign in 2009 asking them to register their personal websites. As part of that campaign, Honda had pre-populated each personal Web page with details about the owner and his or her vehicles. Data from these personal sites is what appears to have been illegally accessed, Chenkin said.
Honda's IT staff discovered the breach when they were investigating the cause of unusual activity in the Web server hosting the MyHonda and MyAcura sites, he said.
Once the breach was discovered, the system was immediately taken offline while the cause and scope of the breach was identified, Chenkin said.
The data that was exposed is unlikely to result in identity theft because it did not include details such as Social Security numbers, driver's license information, birth dates, phone numbers or credit card numbers, Honda said in its notice.
The note warned affected customers to be on the lookout for phishing campaigns referencing their ownership of a Honda vehicle. But for the moment, customers do not have to take any measures to protect themselves, the company said.
News of the breach was first reported by < target="new" href=" http://www.databreaches.net/?p=18413">DataBreaches.net. An unnamed reader quoted in the DataBreaches report claimed to have received Honda's notification letter on May 13. "It appears that even if you didn't create an account on their web sites, if they mailed you about upcoming specials in 2009, your data were involved," the blog noted.
Chenkin said Honda has taken several steps to ensure that such an incident doesn't happen again. He did not elaborate.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org.
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Threat Landscape Hardly a day goes by without the discovery of a new cyberthreat somewhere in the world! But how do you keep up with...
- Security for Virtualization In the rush to implement virtualization, security has become second. So while the business benefits are clear, the risks are less well documented...
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Malware and Vulnerabilities White Papers | Webcasts