When I walk into a car dealership to purchase a car, I would not think twice about a hacker somehow getting access to my information. Over a hundred car dealerships have leaked online your name, address, phone number, and social security number, all thanks to a centralized records system coupled with shoddy security. Welcome to the “new normal” where anytime you disclose your private information, you should expect that it is going to be stored on someone’s database and, if that database is not properly encrypted, it will be stolen by hackers.
In this case, the centralized record system was sold to hundreds of dealerships across the country by DealerBuilt, an Iowa-based database software company. They offer a central system for sales, customer relations, and employee payroll needs. Last week, MacKeeper security researchers found 128 dealership systems, known as LightYear machines, were backing up to DealerBuilt’s central systems without any encryption or security, allowing anyone to see what was being backed up. Further investigation has revealed that private information for up to as many as 5 Million buyers and employees of the dealerships has been compromised.
DealerBuilt doesn’t disclose how the company handles data security, but its website says that its system “offers very high level security that allows only the people in your organization who have been approved with the access to the information that you want them to see.” Well, apparently that’s not the case.
This holiday season, be careful with what information you provide when you buy. In my next blog, I will give you some advice on how to protect yourself when you go shopping this Holiday season.