Hackers compromise AutoNation websites, capture payment card data, other info

Share this article:

National automobile retailer AutoNation is notifying an undisclosed number of customers that their payment card data, as well as other information, may have been captured by hackers that compromised AutoNation websites hosted and operated by TradeMotion.

How many victims? Undisclosed. 

What type of personal information? Names, addresses, phone numbers, email addresses and payment card information.

What happened? Hackers were able to capture personal information after compromising AutoNation websites hosted and operated by TradeMotion.

What was the response? TradeMotion contacted the FBI and an investigation is ongoing. TradeMotion stated that the software used by the hackers to capture the information has been removed. TradeMotion is conducting penetration testing and is monitoring its systems for ongoing activity. All impacted individuals are being notified, and offered a free year of identity theft protection services. AutoNation is no longer processing card payments through TradeMotion.

Details: TradeMotion notified AutoNation on May 6. The hackers may have had access to the information from March 5 to May 2.

Source: doj.nh.gov, “Breach Notification Letter,” May 26, 2014.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US

More in The Data Breach Blog

Cyberswim notifies customers that payment card data may be at risk

Malicious software installed on Sept. 24 may have compromised personal information for visitors that made purchases between May 12 and Aug. 28.

Marquette University notifies graduate applicants of possible breach

Settings for an internal file server were inadvertently modified, making graduate school applications accessible to anyone with Marquette University login credentials.

Physician's email account, accessed by unknown source, contained patient data

UC Davis Health System is notifying 1,326 patients that a physician's work email account was accessed by an unknown source and an email within that account contained their personal or medical information.