- The threat actor known as “Zestix” claims responsibility for a data breach of Mercedes-Benz USA and says it exfiltrated over 18.3 GB of crucial customer and legal data.
- The breach underscores vulnerabilities in MBUSA’s legal supply chain, showing how third-party vendors can compromise highly sensitive data.
- The leaked data could lead to financial fraud, phishing attacks, regulatory scrutiny, and reputational damage for Mercedes-Benz USA.

A hacker using the pseudonym “Zestix” has claimed responsibility for a significant cyberattack on Mercedes-Benz USA (MBUSA), allegedly stealing 18.3 GB of customer and legal data.
The hacker made this disclosure in an auction posting on a darknet forum, a common venue among the top dark web markets, offering the full archive for $5,000. According to the listing, the breach compromises a large array of MBUSA’s internal files, consisting of both active and closed legal documents from across 48 states in the United States.
Zestix Claims Responsibility for Mercedes-Benz Hack
Zestix’s illegal posting was brought to light by cybersecurity monitoring platform ThreatMon, which identified the claim shortly after it was made. ThreatMon noted that the data exposure targeted Mercedes-Benz’s legal infrastructure, which the firm uses in customer warranty claims. More particularly, the Song-Beverly Consumer Warranty Act and the Magnuson-Moss Warranty Act were.
If valid, this data breach underscores a critical weakness in third-party legal vendors that handle extremely sensitive consumer and corporate data. This kind of supply-chain exposure is a major attack vector for hackers, as seen recently when Spanish airline giant Iberia was compromised through a supplier hack, exposing a trove of corporate data.
According to Zestix’s claim, this leak comprises “all MBUSA’s defensive strategy, settlement policy, and external counsel billing rate.”
A breach of this level could have more severe impacts and possibly undermine MBUSA’s position in existing and future settlement negotiations and litigation. The exfiltrated dataset reportedly comprises both consumer Personally Identifiable Information (PII) and proprietary operational litigation files. The dual nature of the data breach, covering both customer privacy and corporate strategy, worsens the severity of the leak.
In addition, the purported inclusion of “New Vendor Questionnaire forms,” which usually contain banking information for new suppliers, is another major concern. Experts believe that this may result in business email compromise (BEC) or financial fraud targeting MBUSA’s broader network of partners and vendors. Hackers frequently use this kind of information in advanced cyberattacks to cripple business operations or loot funds.
Implications and Mercedes-Benz USA’s Response
Notably, neither MBUSA nor its associated law firm, Burris & MacOmber LLP, has issued an official response denying or confirming the data breach. This is a common initial posture in such incidents, as seen recently when hackers claimed an HSBC USA breach in a dark web post (while the bank denied it).
This leaves the hacker’s claim unvalidated, but the comprehensive nature of Zestix’s listing demands further investigation. Cybersecurity experts stress that companies in the automotive industry require extensive, fail-proof vendor security audits.
If verified, this attack could prompt immediate regulatory scrutiny under data protection laws, which could affect both MBUSA’s reputation and operations. Notably, cybersecurity experts recommend that clients involved in recent warranty litigation with Mercedes-Benz USA monitor their credit reports and stay watchful. Threat actors may use phishing tactics against affected customers based on their case documents.
This is not the first data leak experienced by the affected company’s customers. In 2021, Mercedes-Benz USA leaked around 1,000 customer data files into the public domain when it unintentionally exposed its cloud storage. That incident affected a smaller array of consumers. This most recent attack, however, targets not the firm’s direct corporate infrastructure but its legal supply chain.