General Motors Hack Exposes Car Owner Information

The  US automobile manufacturer General Motors has (GM) confirmed that it suffered from a cyber attack in April that exposed customer information. GM operates an on the web platform that helps owners of Chevrolet, Buick, GMC, and Cadillac automobiles manage their expenses and redeem rewards factors. GM say they detected malicious activity between April 11 and 29 of this and released a data breach notification to its affected customers. 

Personal information belonging to customers exposed in the attack includes first and last names, email and home addresses, usernames, phone numbers, last known location information and profile pictures. 

In addition, the attack allowed hackers to redeem rewards points and gain gift cards. GM says that it will be restoring rewards points for all affected customers.

Other potential details that might have been accessible to the attackers includes car mileage history, emergency contacts, and Wi-Fi hotspot settings. There is no evidence to date that the login information was obtained from GM itself nor that GM credentials were breached previously. 

The credential stuffing attack consisted of threat actors obtaining credentials from a previous data breach and using them to log into another unrelated service. "We are writing to follow-up on our email to you, advising you of a data incident involving the identification of recent redemption of your reward points that appears to be without your authorization," GM said in a data breach announcement sent to affected customers.

GM has advised that the affected customers reset passwords and request credit reports from their banks to ensure that banking information was not impacted and to prevent against identity theft.

OAG.Gov:    Oodaloop:       Infosecurity Magazine:       Bleeping Computer:     Venturecation

You Might Also Read: 

Personal Data Of Two Million Texans Left Exposed For Years:
 

« Responding To An Unintentional HIPAA Violation
Fraud Online & On The Telephone »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

BakerHostetler

BakerHostetler

BakerHostetler is one of the largest law firms in the USA We have five core practice groups including a specialty practice team in Privacy and Data Protection.

Assured Data Protection

Assured Data Protection

Assured Data Protection specialises in data protection and disaster recovery services for large SME and enterprise organisations.

ADF Solutions

ADF Solutions

ADF Solutions is a leading provider of digital forensic and media storage exploitation tools.

MailGuard

MailGuard

MailGuard delivers a full suite of security solutions across email and web to protect your business before threats reach your environment.

CyberDef

CyberDef

CyberDef is a consulting company specialising in cyber defence services for small and medium enterprises.

Equilibrium Security Services

Equilibrium Security Services

Equilibrium Security Services is a specialist cyber security company providing a full spectrum of IT security solutions from consultancy to design & implementation and managed security services.

PETRAS IoT Hub

PETRAS IoT Hub

PETRAS is a consortium of 12 research institutions and the world’s largest socio-technical research centre focused on the future implementation of the IoT.

ElcomSoft

ElcomSoft

ElcomSoft is a global leader in computer and mobile forensics, IT security and forensic data recovery.

FixMeStick

FixMeStick

FixMeStick is a virus removal device, a USB key that removes malware conventional antivirus software often can’t detect.

TorGuard

TorGuard

TorGuard is a Virtual Private Network services provider offering secure encrypted access to the internet.

Britive

Britive

The Britive Platform is a cloud-native security solution built for the most demanding cloud-forward enterprises.

Edureka

Edureka

Edureka is an online technology training provider with the most effective learning system in the world. We help professionals learn trending technologies for career growth.

doIT Solutions

doIT Solutions

doIT solutions specialize in IT security and infrastructure, security automation, data center, and cybersecurity.

North East Business Resilience Centre (NEBRC)

North East Business Resilience Centre (NEBRC)

The North East Business Resilience Centre is a non-profit organisation here to support businesses in the North East of England in protecting themselves from cyber crimes and fraud.

CloudCover

CloudCover

CloudCover is a software-defined cybersecurity risk solution that provides risk awareness, risk analytics, and data security in real time.

Ostrich Cyber-Risk

Ostrich Cyber-Risk

Ostrich Cyber-Risk is a risk management company that helps organizations reduce the complexity of identifying financial and operational risks related to your cybersecurity posture.

Myntex

Myntex

Myntex® builds the future of mobile security. We empower our partners to deliver exclusive mobile endpoint security software, fortifying against mobile threats, device exploits and data exfiltration.