The email database contained the names, logins, email addresses, and vehicle identification numbers of 2.2 million Honda customers. The database also contained the email addresses of around 2.7 million Acura owners.
According to a letter to affected customers, Honda said it recently became aware of “unauthorized access to an email list used by a vendor to create a welcome email to customers who have an Owner Link or My Acura vehicle account”, according to an excerpt provided by Tech Herald's Steve Ragan in a blog.
“You may be aware of attacks on email marketing systems, therefore we want to assure you that we take the safeguarding of your information seriously and that the appropriate authorities have been contacted regarding this incident. Additionally, we have taken steps to minimize this type of exposure in the future,” the letter added.
In a web notice to customers, Honda said that it would be difficult for personal information to be stolen based on the information leaked. The car maker said that “law enforcement authorities have been contacted and an investigation is in process. Further, American Honda Motor Co., Inc. is taking steps to minimize this type of exposure in the future.”
Honda advised customers: “Be cautious of unsolicited emails requesting personal information. Often, these communications can look official. American Honda Motor Co., Inc. will not send emails requesting social security or credit card numbers or other personal information.”
Reports indicate that the vendor was Silverpop Systems, which is an Atlanta-based email service provider that was reportedly involved in the recent data breach involving McDonald’s.