P2022-ND-018

Mercedes-AMG GMBH

? On June 21, 2021, the Organization was made aware that personal data files relating to users of its ‘Private Lounge’ service was being offered for sale on a web forum.
? The Private Lounge is an internet community platform established and provided by the Organization for owners of Mercedes-AMG vehicles, who could register to join the Private Lounge via an online registration process..
? An external security researcher reported the sale of the data.
he web forum post claims to have details of approximately 99,000 customer records for the Private Lounge service dating from 2019 and earlier.
? The incident resulted from a compromise of data sets relating to Private Lounge customer data, which formed part of a data migration process that took place in 2019.
? The Private Lounge platform was rebuilt in 2019. As part of this rebuild, the Organization migrated data sets of approx. 99,000 individuals from one server located in Germany to another server also located in Germany.
? During this migration process, an unknown criminal appears to have gained access to the relevant data sets.

File Type: pdf
Categories: 2022