British Drivers Exposed After Mercedes Data Surfaces on Hacker Market
🚨 British Drivers Exposed After Mercedes Data Surfaces on Hacker Market
Mercedes-Benz, the globally renowned German luxury automotive brand, may be the latest victim in a string of attacks against the automotive sector. A threat actor has just listed a dataset allegedly linked to Mercedes for sale on a well-known underground marketplace, claiming to contain 130,000 customer and vehicle data records in Excel/CSV format.
📊 What’s Included in the Dataset?
The attacker claims that the dataset contains:
- Customer names
- Address information
- City/Postcodes
- Mobile numbers
- Email addresses
- Vehicle number
- Mercedes Vehicle Number
- Mercedes Vehicle Model
- Registration number
- Registration date
- MOT due date
- Last service date
- Order and quote status
Cybernews researchers have checked the listing and can confirm that the dataset includes: full names, testing emails, UK phone numbers, UK postcodes, car models, and registration numbers in UK format. If legitimate, such data suggests it may belong to the Mercedes-Benz branch or dealership in the UK.
⚠️ Risks of Data Leak
The data leak introduces multiple risks, as vehicle ownership intelligence has become one of the most valuable commodities in cybercrime markets. Data such as VIN numbers, vehicle models, purchase dates, and registration records can be weaponized far beyond ordinary fraud. One scheme involves VIN cloning, where criminals steal a legitimate VIN from a legally registered vehicle and attach it to a stolen car of the same make and model. This allows the stolen vehicle to be resold with counterfeit documentation.
Law enforcement agencies have repeatedly flagged VIN swapping as a rapidly escalating fraud trend. Attackers can also exploit vehicle ownership data in highly targeted phishing campaigns, sending fake maintenance alerts, recall notices, or financing updates. Leaked personal data makes phishing more convincing, as it may reference the victim’s exact car model, lease details, or service schedules to redirect them to fraudulent payment portals.
For luxury brands such as Mercedes-Benz, the risks can become physical as well as digital. Knowing that a high-end vehicle like a Mercedes S-Class or AMG GT is registered to a specific address may enable targeted theft operations, allowing criminals to identify affluent owners and locate valuable vehicles with precision.
📈 Increasing Cyber Threats
Cybercriminals are increasingly targeting major automotive manufacturers, putting car owners at high risk of fraud and even the physical theft of a luxury vehicle. The 2025 Upstream automotive cybersecurity report noted that cyber incidents surged by 38%, with 60% of incidents capable of affecting thousands to millions of connected vehicles. Data and privacy breaches accounted for 59% of the cybersecurity incidents.
Many car brands have suffered data breaches, making 2025 a challenging year for the industry. For example, in March, hackers leaked Jaguar Land Rover’s source code. In April, car rental giant Hertz suffered a major breach after the Cl0p group exploited zero-day vulnerabilities, stealing drivers’ licenses and other sensitive data. In September, the Everest ransomware group claimed BMW as a victim. In November, a customer data breach affected Hyundai’s IT services arm, Hyundai AutoEver America.
For more details, you can read the complete article here: Read full article