General Motors Hack Exposes Car Owner Information

Uploaded on 2022-05-27 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Transport & Travel, BUSINESS-Production-Manufacturing

The  US automobile manufacturer General Motors has (GM) confirmed that it suffered from a cyber attack in April that exposed customer information. GM operates an on the web platform that helps owners of Chevrolet, Buick, GMC, and Cadillac automobiles manage their expenses and redeem rewards factors. GM say they detected malicious activity between April 11 and 29 of this and released a data breach notification to its affected customers. 

Personal information belonging to customers exposed in the attack includes first and last names, email and home addresses, usernames, phone numbers, last known location information and profile pictures. 

In addition, the attack allowed hackers to redeem rewards points and gain gift cards. GM says that it will be restoring rewards points for all affected customers.

Other potential details that might have been accessible to the attackers includes car mileage history, emergency contacts, and Wi-Fi hotspot settings. There is no evidence to date that the login information was obtained from GM itself nor that GM credentials were breached previously. 

The credential stuffing attack consisted of threat actors obtaining credentials from a previous data breach and using them to log into another unrelated service. "We are writing to follow-up on our email to you, advising you of a data incident involving the identification of recent redemption of your reward points that appears to be without your authorization," GM said in a data breach announcement sent to affected customers.

GM has advised that the affected customers reset passwords and request credit reports from their banks to ensure that banking information was not impacted and to prevent against identity theft.

OAG.Gov:    Oodaloop:       Infosecurity Magazine:       Bleeping Computer:     Venturecation

You Might Also Read: 

Personal Data Of Two Million Texans Left Exposed For Years:
 

« Responding To An Unintentional HIPAA Violation
Fraud Online & On The Telephone »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

GigaOm

GigaOm

GigaOm's mission is to provide enterprises with information and analysis to help them make better decisions about technology.

Synopsys

Synopsys

Synopsys delivers trusted and comprehensive silicon to systems design solutions, from electronic design automation to silicon IP and system verification and validation.

Thycotic

Thycotic

Thycotic prevents cyber attacks by securing passwords, protecting endpoints and controlling application access.

Verimuchme

Verimuchme

Verimuchme is a digital wallet and exchange platform to secure, verify and re-use personal information.

National Information Security & Safety Authority (NISSA) - Libya

National Information Security & Safety Authority (NISSA) - Libya

NISSA is responsible for safeguarding the integrity, availability and resilienceof ICT infrastructure, resources, services and data in Libya.

CyberSift

CyberSift

CyberSift is a cyber security provider. We develop threat detection software which needs no infrastructure changes as it integrates with almost any security tool.

Intrusion

Intrusion

Intrusion provides IT professionals with the most robust tool set available for performing in-depth research and analysis of network traffic.

Eseye

Eseye

Eseye is a global specialist supplier of cellular internet connectivity for intelligent IoT (Internet of Things) devices.

GoCyber

GoCyber

GoCyber is a new, highly innovative cyber security training app that uses action based learning to significantly improve the online behaviour of all employees in less than a month.

AlertEnterprise

AlertEnterprise

AlertEnterprise uniquely eliminates silos and uncovers blended threats across IT Security, Physical Access Controls and Industrial Control Systems.

Kaspersky Industrial CyberSecurity (KICS)

Kaspersky Industrial CyberSecurity (KICS)

Kaspersky addresses all the cybersecurity needs of industrial organizations in its Kaspersky Industrial CyberSecurity (KICS) portfolio.

Privacera

Privacera

Privacera enables consistent data governance, security, and compliance across all your data services - on-premises and in the cloud - so you can maximize the value of your data.

Secure Cyber Defense

Secure Cyber Defense

Secure Cyber Defense provides expert cybersecurity consulting and managed detection and response services to companies, local government, schools and universities.

Shield Capital

Shield Capital

Shield Capital helps founders build frontier solutions in cybersecurity, artificial intelligence, space & autonomy for commercial and government enterprises.

ConductorOne

ConductorOne

ConductorOne is building the identity security platform for the modern workforce.

MODUS X

MODUS X

MODUS X is a Ukrainian IT product and service company created from the IT department of the DTEK Group of Companies.