The North America - Volkswagen AG data center says a data breach at a vendor in WASHINGTON has impacted more than 3.3 million customers and prospective buyers in the United States.
Nearly all the affected were current or potential customers of Audi, one of the German automaker's luxury brands.
On Friday, Volkswagen Group of America said an unauthorized third party obtained limited personal information about customers and interested buyers from a vendor that its Audi Volkswagen brands and some U.S. and Canadian dealers used for digital sales and marketing.
The information was gathered for sales and marketing between 2014 and 2019 and was left by the vendor in an electronic file which was unsecured.
The company told regulators that the vast majority of customers could only have computer numbers and email addresses impacted potentially by the data breach. In some cases, data also includes information about a vehicle that is leased, purchased or inquired about either.
VW said 90,000 Audi customers and prospective buyers had impacted sensitive information relating to purchase or lease eligibility. Volkswagen said it will offer free credit protection services to these individuals.
The sensitive information was comprised of driver license numbers in more than 95% of cases. A small number of records included additional data, like birth dates, social security numbers and account numbers.
The automaker does not believe that sensitive data is involved in Canada.
More than 3.1 million people are affected in the United States.
Volkswagen thinks the data was obtained at some point between August 2019 and May of this year as the automaker identified the source of the incident.