Notification of data breach incident
Mercedes-Benz Berwick (MBB) informs customers of a data breach incident regarding unauthorised access to personal information stored with MBB’s third-party software provider, Dealer Drive Australia Pty Ltd (Dealer Drive). Dealer Drive is a software program for recording the details of customers who take vehicles for test drives [and/or have the use of a courtesy vehicle whilst their own is in for service].
What has occurred?
MBB was recently contacted by the Australian Federal Police (AFP) in regard to a current cyber-crime investigation. MBB was advised of the discovery of personal information relating to MBB’s customer database stored within Dealer Drive on material seized from the suspects during the investigation.
The AFP have determined that the data breach was the result of malicious criminal activity targeting Dealer Drive, where, despite firewalls and database encryption methods, the personal information was still able to be accessed and extracted.
It is MBB’s understanding that some of the personal information has been used by the suspected cyber criminals for financial gain relating to fraudulent personal loans and potentially for other unknown purposes
When did this occur?
The AFP’s review of the seized material indicates that the breach occurred during the period between mid-2015 and early 2018.
What kinds of personal information have been impacted?
The types of personal information involved in the Dealer Drive data breach include:
· front and back photographs of driver’s licences (depicting facial photograph, full name, address, date of birth, drivers licence number, signature);
· contact phone numbers;
· email addresses;
· time of test-driving vehicles;
· signatures; and
· one instance of a photograph of a credit card.
What should you do?
If you test drove a vehicle at MBB or had the use of a courtesy vehicle between June 2015 and March 2018, your personal data may be impacted.
We strongly recommend that you take the following steps to help protect your identity and to mitigate the impacts of potential identity fraud:
· Contact any or all of the following credit bureaus to obtain a current credit report to ascertain if there has been any recent unknown activity or unexpected adverse impact on your credit history. You can request a credit check once per year for free:
1300 734 806
|Phone||1300 783 684|
· If you have identified any recent unknown activity or unexpected adverse impact on your credit history then contact VicRoads on 13 11 71 or via other methods available on the VicRoads website (www.vicroads.vic.gov.au) to request the cancellation and re-issue of your driver’s licence (if you have not done this since March 2018).
If your driver licence has been used for fraudulent activity, VicRoads may consider changing your licence number where there is a reasonable request to do so. If no identified fraud has taken place, VicRoads will not consider you eligible to issue a new licence number. Further VicRoads information is available at: https://www.vicroads.vic.gov.au/licences/renew-replace-or-update/replace-your-licence-or-learner-permit
Do you have any questions?
We assure you that we are treating this matter very seriously. MBB is working with Dealer Drive and the Office of the Australian Information Commissioner to ensure that the integrity and safety of customer personal data is protected in the future.
If you have any questions or concerns, please contact MBB at the following details:
· by email at firstname.lastname@example.org
· by telephone at 03 8342 9783