GM reportedly suffered a cyberattack last month that resulted in the exposure of customer information and allowed hackers to redeem gift card reward points.
According to a recent report from IT Security Guru, GM confirmed that it detected malicious login activity between April 11th and April 29th, 2022. The malicious activity was identified as a credential stuffing attack, wherein credentials were obtained from a previous data breach from one service, then reused to log into another service.
In response, GM sent a data breach notification to customers stating “We are writing to follow-up on our [DATE] email to you, advising you of a data incident involving the identification of recent redemption of your reward points that appears to be without your authorization.”
Personal information for affected customers, including names, email addresses, home addresses, phone numbers, usernames, last known and saved favorite location, car mileage, maintenance history, OnStar information, and more may have been exposed in the attack. GM is advising affected customers to reset their passwords, and if necessary, request a credit report from their banks. GM will restore rewards points for customers affected by the attack.
Based on the investigation to date, there is no evidence that the log in information was obtained from GM itself. Rather, the automaker states in a separate data breach notification, “We believe that unauthorized parties gained access to customer login credentials that were previously compromised on other non-GM sites and then reused those credentials on the customer’s GM account.”
With the proliferation of digital features and connected technologies in passenger vehicles, cybersecurity has become an increasingly critical issue in the auto industry. As such, GM has taken new steps to beef up its security measures, including the introduction of the Global B electrical architecture, which, in addition to providing greater processing power, support for over-the-air updates, and improved inter-vehicle system communication, also provides more robust protection from hackers and cyberattacks.