General Motors clients’ personal data was obtained by intruders

25.05.2022

Back to news

    Cyber incident has led to car owners’ personal data leak. General Motors runs an online-platform, which is aimed at helping Chevrolet, Buick, GMC and Cadillac car owners to manage accounts and bonus points and to use services.
Between 11th and 29th of April 2022 GM specialists fixed suspicious activities. Due to inspection, it was revealed, that in some cases intruders managed to pay for gift cards with client’s bonus points. Corporation officials promised to recover all the points, spent by intruders.

     However, GM itself hardly may be named as the culprit of the incident, as attackers just inserted account data, spotted in other leaks.  Company’s officials suppose, that intruders managed to get access to clients’ accounts with the help of logins and passwords, compromised on other sources, which don’t belong to GM. In such case, SIEM system may had helped, as it alarms security specialists about password guessing attempts. 

      As a result of the attack, hackers got access not only to some information, related to car maintenance, such as mileage and service history, but also to such info, as:
•    clients first and last name,
•    personal email address,
•    personal address,
•    username and phone number for registered family members,
•    last known and saved favorite location information.

      It should be noted, that nowadays, many attacks take place, because intruders in various ways manage to obtain data in other sources in advance. The more confidential information intruders get from different sources, the more complicated and effective fraud schemes they may develop, or use this info for social engeneering.

      In such circumstances, it’s important to be acknowledged and aware of possible risks. Of course, there isn’t a universal advice on the topic of related to modern technology risks avoidance. However, there are some basic concepts and rules, such as avoiding sharing of sensitive data if it’s possible and avoiding of interaction with unverified resources are among top priorities for any user. The more personal data is shared, the more detailed portrait of victim it’s possible to make. This, in turns, makes attack more sophisticated, and it’s obviously more difficult for user to deal with such threat. But implementation of mentioned basic measures at least helps to reduce risks significantly.  It’s also of crucial importance to pay attention to passwords. Still, it’s one of the most principal security asset. For example, Thomas Jermoluk mentioned in his recent interview for Cybercrime Magazine, that more than 85 percent of the issues with account takeover, ransomware, and supply chain attacks originate from problems with passwords. 

     Corporate sector also should be concerned about risks, and permanent work on increasing of security level is required. It’s important to foresee new threats and react in advance. For more detailed recommendations on how to increase your company’s safety You may refer to the article in our blog  and request a free white paper “Risk library” , revealing major risks for an organization.