Over 10 Million Vehicle Identification Numbers (VINs) Exposed in Data Leak

The Kromtech Security Research Center recently discovered that a privately-owned database exposed more than 10 million VINs over the course of 137 days. In addition to VINs, the unsecured database also exposed vehicle makes and models, odometer readings, sales information, and personally identifiable information of customers such as addresses, phone numbers, dates of birth, genders, and family details. This information can be used by threat actors to commit fraud, identity theft, vehicle theft, and in vehicle cloning operations or to target the owners using social engineering tactics such as vishing and spear-phishing campaigns. The owner of the database has yet to be identified. Bleeping Computer provides more information about this threat. The NJCCIC recommends all vehicle owners search for their VINs onHaveIBeenPwned.com after the website has been updated to include this information. If your VIN was exposed in the leak, contact your car insurance company and have them make a note of it in your account. If you believe your VIN was cloned, contact your local police department and file a report. Additional information about VIN cloning is available on FBI.gov.