Time to Get Transparent about Cyber Security. Another day, another hack.
Apple, Sony, Citigroup, and Lockheed Martin are just some of the big-name companies afflicted by recent cyber-security breaches. Canada has not been spared. Beyond the attacks on the federal Treasury and Finance Departments and the Conservative Party of Canada, Sony, Husky Energy, and Honda have all had Canadian branches or units compromised in recent hacks. Even major Canadian law firms have been victimized. Expectedly, questions are being raised about the nature of the cyber-attacks, their scope, and the means and motives of those behind them.
SecurID. Honda Canada notifies customers of breach (UPDATED) A DataBreaches.net reader alerted me that Honda Canada has been notifying some customers of a breach.
According to a May 13th letter he received (French version, pdf), a breach involving unauthorized access of the My Honda (myhonda.honda.ca) and My Acura (myacura.acura.ca) web sites was detected in March 2011 and affected customers who were on certain mail lists in 2009. Customers’ names, addresses, and vehicle identification numbers were involved. Unless, of course, you got a letter dated May 12, which was sent to a different subset of customers for whom Honda Financial Service Account numbers were also involved. According to their representatives, the FSA number is an internal number only and cannot be used to access your bank account information.
So how many people were affected? An undated notice on Honda’s main web site, which is not easy to find because there is no link from the homepage, reads: Thanks to the reader who provided the letter. Honda Canada breach highlights lax testing, expert says. A data breach that potentially impacted 280,000 Honda Canada Inc. customers could have been dealt with more effectively by the automaker, according to a pair of security experts.
The automaker posted an alert on its Web site this week revealing a data breach involving the authorized access of customer names, addresses, vehicle ID numbers and Honda Financial Services account numbers. The breach has impacted customers of both the Honda and Acura brands. The information accessed in the breach was related to a 2009 membership program called MyHonda and MyAcura.
These customer-facing sites allowed customers to sign up for benefits such as vehicle-specific information, new warranty and maintenance news, and exclusive product information. While the breach was discovered in February, the company only began sending out notification letters to customers a few weeks ago. Honda Canada spokespeople failed to reply to a request for more information about the breach. Honda Canada admits data breach. Automaker warns of Honda Canada has issued a warning that a data breach exposed the personal data of an unspecified number of customers.
The company hasn’t yet disclosed details on how the company’s systems were breached, or when the data was accessed. A Honda spokesman in Canada did not immediately respond to a request for information about the breach. Related story $6.75 million – the cost of a data breach in 2009 PlayStation network hack results in massive-scale identity theft Privacy by ReDesign: Building a better legacy Heartland data breach “shocking” says Canada’s privacy commissioner.
Update: Honda Canada breach exposed data on 280,000 individuals. Computerworld - Honda Canada has notified about 280,000 customers in that country of a data breach involving the compromise of their personal data.
The breach was discovered in late February. However the company only began notifying customers of the compromise earlier this month. An undated alert posted on the company's website said the incident involved the unauthorized access of customer names, addresses, vehicle identification numbers and, in the case of a small number of customers, their Honda Financial Services account numbers. Jerry Chenkin, executive vice president of Honda Canada, said Thursday the reason for the delay was that the company needed time to figure out the scope of the breach before it could begin notifying customers. According to Chenkin, unknown intruders breached a Web server that allows Honda and Acura customers in Canada to set up personal MyHonda and MyAcura websites.
Chenkin said Honda has taken several steps to ensure that such an incident doesn't happen again. Honda Canada warns customers of major data breach. Canada. To our valued Honda customers: Honda Canada Inc. has notified a limited number of affected customers of the possible unauthorized access to their information.
This information included name, address, Vehicle Identification Number, and in some cases, Honda Financial Services Account number, telephone number and e-mail address. The affected customers were notified by mail in May 2011, June 2011, and August 2011. Honda assures its customers that there was no other customer data available to be accessed. We do not recommend that the affected customers take any specific action at this time, other than being on the alert for marketing campaigns by telephone, mail or e-mail requesting personal information.
Once again, we apologize for this incident and want to assure customers that the protection and safe-keeping of personal information is a responsibility that we take very seriously. What information has been breached? How do I know if I’m one of the affected customers? What is phishing?