- Hyundai Motor Group revealed that a data breach exposed names, social security numbers, and other information about approximately 2,000 owners
- The companies are offering free credit monitoring to those affected
If you own a newer Hyundai, Kia, or Genesis product, there’s a good chance that a subsidiary company called Hyundai AutoEver America (HAEA) has your name, social security number, driver’s license number, and other identifying information. That could be a problem, so the company this week has begun alerting millions of users that hackers may have seen that data.
HAEA is the digital nervous system of Hyundai Motor Group, the entity that controls all three car brands. Its software manages many of the high-tech features in cars, as well as some of the back-end software dealerships use to sell cars and process payments.
In regulatory filings, HAEA has revealed that, between Feb. 2 and March 2, hackers may have accessed its systems. The hack went undetected for nine days — more than enough time for the perpetrators to access private data on owners.
Unknown Number Impacted
- The company claims 2.7 million users, but the company tells us the breach impacted a much smaller number
HAEA claims more than 2.7 million customers,but a company spokesperson tells Kelley Blue Book that the breach impacted “approximately 2,000.”
Security Week had speculated the number of customers affected might be much smaller than the millions with HAEA accounts, noting the company “submitted data breach notices to authorities in several U.S. states, including Maine, where one individual was impacted, and Massachusetts, where seven people were affected.”
In a letter filed with California’s Attorney General, the company says it has “launched an investigation with the support of external cybersecurity experts to assess the scope of the incident, confirm containment, and identify any affected information.”
Security Week reports, “The probe showed that the threat actor had gained access to personal information stored on compromised systems, but it could not confirm whether the information was exfiltrated. The exposed information includes names, Social Security numbers, and driver’s license numbers.”
Offering Credit Monitoring Services
- The company will pay for two years of credit monitoring for affected owners, but they must enroll
Letters sent to affected owners will offer two years of credit monitoring at HAEA’s expense.
Owners will have 90 days from receipt of the letter to sign up. If you don’t want to wait for your letter, those published so far offer a hotline for owners at 855-720-3727.
After a data breach, security experts also recommend that owners monitor their bank and credit card statements for unauthorized activity, and check their credit reports themselves for any new accounts they don’t recognize.
Information Security a Growing Issue for Drivers
- Modern cars collect a great deal of information about their drivers
- Security researchers are increasingly concerned that some automakers don’t take good care of it
Today’s cars are data-gathering machines. Many are capable of tracking where and when you drive, what streaming entertainment you listen to, and storing payment information in their systems.
Security researchers are increasingly concerned that automakers don’t all follow the best industry practices to protect that data. A 2023 investigation by privacy researchers at the Mozilla Foundation found cars “officially the worst category of products [the researchers had] ever reviewed.“
Earlier this year, the Federal Trade Commission banned General Motors from selling data on drivers for five years after revelations about the company’s data security practices.
GM and Hyundai may not be exceptions. A Senate investigation in July found that other automakers were still selling the same sort of data that caused the FTC to crack down on GM.
