While Tokyo-based Sony Corp. battles massive data security breaches, Japanese carmaker Honda is confronting its own online challenge — the theft of personal information from 283,000 Honda and Acura customers in Canada.
Jerry Chenkin, executive vice-president and chief compliance officer at Honda Canada Inc., confirmed Thursday that names, addresses and vehicle identification numbers were taken from the company's e-commerce websites myHonda and myAcura, with suspicious activity on the site first detected in late February.
In a letter to affected vehicle owners dated May 13 and obtained by the Star, Honda Canada said it was alerted by unusual volume on the sites, including “some unauthorized attempts to access account information.” The letter said financial information was not compromised.
Honda, which does not sell customer data to third parties, is investigating the incident, which has been reported to police. Perpetrators have not been identified and no group has claimed responsibility.
The letter warns of “possible improper access of information,” but said customers are not at risk for fraud and identity theft. Chenkin said federal and provincial privacy commissions were notified and customers were warned of the breach “as soon as possible.”
A spokeswoman for the federal privacy commissioner said the office has received inquiries from Honda customers about the breach “and over concern about the timing” (of the notification), adding that the office is looking at the issue and is in discussions with Honda Canada.
The letter said customers should be on the alert for marketing overtures that reference ownership of a Honda or Acura vehicles.
Chenkin said data was breached in personal addresses or web URLs assigned to customers using the sites, adding that the addresses were shut down immediately after the breach was detected.
He said Honda believed the records contained in a 2009 database were destroyed by a vendor that handled the project. “Apparently, they were not.”
Birthdates, telephone numbers, email addresses, credit card numbers, bank accounts and information on Honda financial services transactions were not taken, he added.
The concern is that affected customers, especially those on the list with the VINs, may be targeted for some kind of “phishing” attack from someone pretending to be a local Honda dealer who correctly identifies the recently purchased vehicle and requests more personal information to trigger “special offers.”
Online security experts said the information can ultimately be used to steal identities.
Honda late last year warned more than two million of its customers in the U.S. that an email database containing some of their personal information had been stolen.
The list contained names, login identities, email addresses and vehicle identification numbers of the Honda owners, while another list containing only the email addresses of nearly three million Acura owners was also taken.
Chenkin said Honda responded to the U.S. breaches with an audit of its online security practices and its web vendors.
No comments:
Post a Comment