DealerBuilt Data Breached: Hack Attacks Again! Dealer Built, the Iowa software dealer, settled a violation of the customer data in 2016.
On Wednesday, Dealer Built, the Iowa software dealer, settled a violation of the customer data in 2016. Allowing a hacker to gain access to the personal data of some 12.5 million customers stored by 130 distributors.
The supplier of the distribution system agreed with the FTC to settle the attack and “take steps to better protect the data it collects,” said the FTC.
The agency said in a statement that it has not properly encrypted sensitive data and performed the vulnerabilities and penetration tests required by commercially referred to as DealerBuilt.
DealerBuilt CEO Michael Trasatti said that on Wednesday after an infringement happened in 2016, the company took swift action and collaborated with the clients. “We take customer data security seriously says Trasatti. “We work to improve our safety continuously.”
A final consent order will remedy this violation which they will not release until the FTC approves it. DealerBuilt must introduce a protection program in accordance with the Protections Provision. Moreover, the framework of the proposed consent agreement prohibits managing user data until the program has been in place.
The settlement further demands that the organization undergo security program reviews every two years from third parties.
The FTC has no jurisdiction for the original violation of monetary penalties. However, the commission could pursue civil damages of up to $42,530 per contravention, if the corporation breaks the deal.
The lawsuit suggested that while the supply is “readily available and relatively low-cost” for the seller, DealerBuilt could not secure the confidential customer details. Moreover, DealerBuilt sells applications and data processing systems for dealership management.
The infringement, that took place for 10 days at the beginning of October 2016, occurred in DealerBuilt’s backup database.
“The hacker downloaded the personal information of more than 69,000 consumers. Thus, including their Social Security numbers, driver’s license numbers, and birthdates. As well as wage and financial information,” said FTC in the release.
In the lawsuit, FTC claimed that the hacker targeted the DealerBuilt device “multiple times, downloading the personal information of 69,283 consumers, the entire backup directories of five customers.”
Safeguards Rule violation
The FTC ensures that all data obtained from DealerBuilt are safe and saved and submitted in a plain document. Although the FTC has refused to enforce fundamental safeguarding systems. Hence, notwithstanding the fact that its inability to encrypt data is also a clear breach of the Safeguards Regulations in the Gramm-Leach-Bliley Act. Moreover, they have also held data, considered necessary under the law, without access controls or authentication protection.
The FTC views the actions of DealerBuilt as an indication of discriminatory practices.
DMS databases commonly store private and public customer records. Further, including names, addresses, dates of birth, credit details, and social security numbers but not limited to them. The program also includes confidential information on dealer personnel. For instance, such as payroll records and bank account details, as per the statement.