background preloader

OMIS 5110 - Honda Data Breach

Facebook Twitter

Time to Get Transparent about Cyber Security. Another day, another hack.

Time to Get Transparent about Cyber Security

Apple, Sony, Citigroup, and Lockheed Martin are just some of the big-name companies afflicted by recent cyber-security breaches. Canada has not been spared. Beyond the attacks on the federal Treasury and Finance Departments and the Conservative Party of Canada, Sony, Husky Energy, and Honda have all had Canadian branches or units compromised in recent hacks. Even major Canadian law firms have been victimized. SecurID.

Honda Canada hit by online security breach; 283,000. Hamilton Spectator While Tokyo-based Sony Corp. battles massive data security breaches, Japanese carmaker Honda is confronting its own online challenge — the theft of personal information from 283,000 Honda and Acura customers in Canada.

Honda Canada hit by online security breach; 283,000

Jerry Chenkin, executive vice-president and chief compliance officer at Honda Canada Inc., confirmed Thursday that names, addresses and vehicle identification numbers were taken from the company’s eCommerce websites myHonda and myAcura, with suspicious activity on the site first detected in late February. In a letter to affected vehicle owners dated May 13 and obtained by the Toronto Star, Honda Canada said it was alerted by unusual volume on the sites, including “some unauthorized attempts to access account information.” The letter said financial information was not compromised. Honda Canada notifies customers of breach (UPDATED)

A reader alerted me that Honda Canada has been notifying some customers of a breach.

Honda Canada notifies customers of breach (UPDATED)

According to a May 13th letter he received (French version, pdf), a breach involving unauthorized access of the My Honda ( and My Acura ( web sites was detected in March 2011 and affected customers who were on certain mail lists in 2009. Customers’ names, addresses, and vehicle identification numbers were involved. Unless, of course, you got a letter dated May 12, which was sent to a different subset of customers for whom Honda Financial Service Account numbers were also involved. According to their representatives, the FSA number is an internal number only and cannot be used to access your bank account information.

So how many people were affected? An undated notice on Honda’s main web site, which is not easy to find because there is no link from the homepage, reads: Thanks to the reader who provided the letter. Honda Canada breach highlights lax testing, expert says. Canadian security analysts argue that Honda Canada testing and assessment techniques are likely at the heart of the data breach.

Honda Canada breach highlights lax testing, expert says

Plus, why the automaker should have been faster to disclose the news. Honda Canada admits data breach. Automaker warns of Honda Canada has issued a warning that a data breach exposed the personal data of an unspecified number of customers.

Honda Canada admits data breach

The company hasn’t yet disclosed details on how the company’s systems were breached, or when the data was accessed. A Honda spokesman in Canada did not immediately respond to a request for information about the breach. Related story $6.75 million – the cost of a data breach in 2009 PlayStation network hack results in massive-scale identity theft Privacy by ReDesign: Building a better legacy. Update: Honda Canada breach exposed data on 280,000 individuals.

Computerworld - Honda Canada has notified about 280,000 customers in that country of a data breach involving the compromise of their personal data.

Update: Honda Canada breach exposed data on 280,000 individuals

The breach was discovered in late February. However the company only began notifying customers of the compromise earlier this month. An undated alert posted on the company's website said the incident involved the unauthorized access of customer names, addresses, vehicle identification numbers and, in the case of a small number of customers, their Honda Financial Services account numbers. Jerry Chenkin, executive vice president of Honda Canada, said Thursday the reason for the delay was that the company needed time to figure out the scope of the breach before it could begin notifying customers. According to Chenkin, unknown intruders breached a Web server that allows Honda and Acura customers in Canada to set up personal MyHonda and MyAcura websites. Chenkin said Honda has taken several steps to ensure that such an incident doesn't happen again. Honda Canada warns customers of major data breach. Canada. To our valued Honda customers: Honda Canada Inc. has notified a limited number of affected customers of the possible unauthorized access to their information.


This information included name, address, Vehicle Identification Number, and in some cases, Honda Financial Services Account number, telephone number and e-mail address. The affected customers were notified by mail in May 2011, June 2011, and August 2011. Honda assures its customers that there was no other customer data available to be accessed. We do not recommend that the affected customers take any specific action at this time, other than being on the alert for marketing campaigns by telephone, mail or e-mail requesting personal information. Once again, we apologize for this incident and want to assure customers that the protection and safe-keeping of personal information is a responsibility that we take very seriously. What information has been breached?

How do I know if I’m one of the affected customers? What is phishing?