General Motors Hack Exposes Car Owner Information

Uploaded on 2022-05-27 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Transport & Travel, BUSINESS-Production-Manufacturing

The  US automobile manufacturer General Motors has (GM) confirmed that it suffered from a cyber attack in April that exposed customer information. GM operates an on the web platform that helps owners of Chevrolet, Buick, GMC, and Cadillac automobiles manage their expenses and redeem rewards factors. GM say they detected malicious activity between April 11 and 29 of this and released a data breach notification to its affected customers. 

Personal information belonging to customers exposed in the attack includes first and last names, email and home addresses, usernames, phone numbers, last known location information and profile pictures. 

In addition, the attack allowed hackers to redeem rewards points and gain gift cards. GM says that it will be restoring rewards points for all affected customers.

Other potential details that might have been accessible to the attackers includes car mileage history, emergency contacts, and Wi-Fi hotspot settings. There is no evidence to date that the login information was obtained from GM itself nor that GM credentials were breached previously. 

The credential stuffing attack consisted of threat actors obtaining credentials from a previous data breach and using them to log into another unrelated service. "We are writing to follow-up on our email to you, advising you of a data incident involving the identification of recent redemption of your reward points that appears to be without your authorization," GM said in a data breach announcement sent to affected customers.

GM has advised that the affected customers reset passwords and request credit reports from their banks to ensure that banking information was not impacted and to prevent against identity theft.

OAG.Gov:    Oodaloop:       Infosecurity Magazine:       Bleeping Computer:     Venturecation

You Might Also Read: 

Personal Data Of Two Million Texans Left Exposed For Years:
 

« Responding To An Unintentional HIPAA Violation
Fraud Online & On The Telephone »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ISO Quality Services Ltd

ISO Quality Services Ltd

ISO Quality Services is an independent organisation that specialises in the implementation, certification and continued auditing of ISO and BS EN Management Standards including ISO 27001..

TestingXperts

TestingXperts

TestingXperts is a specialist software QA and testing company.

Cymulate

Cymulate

Cymulate is a SaaS-based breach and attack simulation platform that makes it simple to know and optimize your security posture any time, all the time.

ObjectSecurity

ObjectSecurity

ObjectSecurity is a leader in authorization policy automation. With OpenPMF, you can manage application security policies for access control and auditing.

Resilience First

Resilience First

Resilience First is a not-for-profit organisation, led and funded by business to strengthen collective business resilience in all areas, including cyber security.

Endian

Endian

Endian’s mission is to provide a secure platform that connects distributed people and things, simplifying the digitalization of businesses.

SMiD Cloud

SMiD Cloud

SMiD encryption technology has been developed following the highest security practices to allow the data availability, integrity and confidentiality.

AuthLite

AuthLite

With AuthLite, you can keep using all your existing software, with added two-factor authentication security placed exactly where you need it.

Pelion IoT

Pelion IoT

Pelion Connected Device Services are the easiest way to securely connect and manage your devices, allowing you to focus on forging your future.

Binary Security AS

Binary Security AS

Binary Security is a Norwegian information security consultancy company. We are specialists at application security, penetration testing and secure code reviews.

Cybolt

Cybolt

Cybolt helps companies, organizations, and governments manage digital risks and live in an environment of confidence and certainty.

Technology Mindz

Technology Mindz

Technology Mindz is a leading provider of cybersecurity services. We offer a wide range of services to help businesses. Our services are Identity and access management, Governance risk and compliance.

Var Group

Var Group

Var Group is one of the main partners for innovation in the ICT sector in Italy.

Oz Forensics

Oz Forensics

Oz Forensics is a global leader in preventing biometric and deepfake fraud. It is a developer of facial Liveness detection for Antifraud Biometric Software with high expertise in the Fintech market.

Leostream

Leostream

Leostream's Remote Desktop Access Platform enables seamless work-from-anywhere flexibility while maintaining security and constant visibility of users.

Camms

Camms

Camms are a team of experienced professionals dedicated to providing innovative GRC software solutions that help organizations manage risk, make informed decisions, and drive positive change.