Data Breach at Honda Canada Far from Leading to Identity Theft?

Jay Decenella, IT audit expert
May 27, 2011 /

Honda Canada has warned around 280,000 customers of an unauthorized access of information to its 2009 records, but added the data breach may not lead to identity theft.

The report came after Sony Canada announced Wednesday the discovery of a data breach in its mobile phone subsidiary in the country, which took place on the heels of earlier attacks to its Playstation Network, compromising the personal information of more than 100 million users.

Honda discovered the breach to its Web server late in February but only notified its customers recently.

Jerry Chenkin, executive vice president of Honda Canada, said the company had to establish first the scale of the breach before alerting its customers, thus delaying the advisory.

In a data security notice posted on its Web site, Honda said: the data breach “involved the unauthorized access of information as held in our records in 2009, specifically name, address, Vehicle Identification Number (VIN), and in a small number of cases, Honda Financial Services (HFS) account numbers.”

“The information that may have been accessed was related to a series of customer mail programs encouraging customers to register at the myHonda website. The mailings all took place in 2009, however; the unauthorized access took place recently. Upon detection, immediate action was taken to prevent further unauthorized access,” Honda explained.

The data breach was discovered by Honda’s IT staff after having observed an unusual activity on its Web server that hosts the MyHonda and MyAcura sites, Chenkin added.

Saying the unauthorized access did not penetrate personally identifiable information such as birth dates, telephone numbers, email addresses, credit card numbers, bank account numbers, driver’s license numbers, social insurance numbers, or dollar amounts of HFS financing or payments, Honda downplayed possibilities of identity theft or fraud.

While in the process of notifying all the potentially affected customers by mail, Honda did not recommend that customers take any specific action fore the time being.

However, it alerted customers to watch out for marketing campaigns from third parties that reference their ownership of a Honda vehicle. Honda emphasized that it does not share customer data with unauthorized third parties and does not contact customers asking for financial information.

Honda added that it has reported the situation to the Canadian federal and all applicable provincial privacy commissioner’s offices.

“We would like to apologize for this incident and assure our customers that the protection and safe-keeping of your information is a responsibility that we take very seriously,” it said.

On January this year, American Honda Motor Corp., Inc. reported similar instances of data breach involving email addresses, phone numbers, bank account numbers, license plate and chassis numbers of more than 2.2 million customers who were mostly Japanese.

 

Share your opinion