General Motors (GM,) an American automotive manufacturing corporation, got hit by a cyberattack, exposing customer personal information.
The incident was detected between April 11, 2022, and April 29, 2022, when the company noticed suspicious logins to certain GM online accounts, which led to unauthorized redemptions of customer reward points for gift cards.
Following up on the discovery, the company disabled the feature and informed the customers about the attack, requiring them to change passwords.
“We also reported the activity to law enforcement. We continue to monitor account activity to protect our customers and personal information about them,” GM’s notice of data breach says.
As of now, the company believes that customer login data was obtained outside of the GM networks. Supposedly, threat actors received access to that information through other non-GM sites and re-used it to access the company’s accounts.
The information that cybercriminals might have received access to includes “first and last name, personal email address, personal address, username and phone number for registered family members tied to your account, last known and saved favorite location information, your currently subscribed OnStar package (if applicable), family members’ avatars and photos (if uploaded), profile picture, search and destination information, reward card activity, and fraudulently redeemed reward points.” The notice of data breach highlights that the list does not include date of birth, Social Security number, driver’s license number, credit card or bank account information.
“As discussed above, we took swift action in response to the suspicious activity by suspending gift card redemption and notifying affected customers of these issues. We also took steps to require those customers to reset their passwords at their next login, and we reported this incident to law enforcement,” GM concludes.
All affected users are required to reset their passwords and are strongly advised against using the same credentials across multiple sites or platforms. They should also remain vigilant for incidents of fraud and identity theft, as well as frequently monitor account statements and credit reports.
More from Cybernews:
Subscribe to our newsletter