WASHINGTON —AG’s U.S. unit said a data breach at a vendor impacted more than 3.3 million customers and prospective buyers in North America.
Nearly all those impacted were current or potential customers of, one of the German automaker’s luxury brands.
said on Friday an unauthorized third party obtained limited personal information about customers and interested buyers from a vendor that its Audi Volkswagen brands and some U.S. and Canadian used for digital sales and marketing.
The information was gathered for sales and marketing between 2014 and 2019 and was in an electronic file the vendor left unsecured.
The company told regulators the vast majority of customers only had phone numbers and email addresses potentially impacted by the data breach. In some cases, data also includes information about a vehicle purchased,, or inquired about.
said 90,000 Audi customers and prospective buyers had sensitive data impacted relating to purchase or lease eligibility. VW said it will offer free credit protection services to those individuals.
The sensitive data was comprised ofnumbers in more than 95% of cases. A small number of records included additional data like dates of birth, Social Security numbers and account numbers.
The automaker does not believe sensitive information is involved in Canada.
More than 3.1 million people affected are in the United States.
VW believes the data was obtained at some point between August 2019 and May of this year, when the automaker identified the source of the incident.