Hackers Allegedly Claim Breach of Mercedes-Benz USA Legal and Customer Data
Mercedes-Benz USA allegedly breached: 18.3 GB of litigation strategies and customer data leaked. Discover how this "zestix" attack impacts warranty defense and privacy.
A threat actor using the alias "zestix" has come forward to claim responsibility for a data breach at Mercedes-Benz USA, reportedly leaking 18.3 GB of highly sensitive legal and customer information.
The threat actor has listed the dataset for sale on a dark web forum, where he is selling the complete archive for $5,000. According to the listing, the breach exposes a wide array of internal documents, spanning active and closed litigation files from 48 U.S. states.
According to ThreatMon, which spotted the Claim, the leak seems to target the legal infrastructure supporting Mercedes-Benz's defense against consumer warranty claims, particularly the Magnuson-Moss Warranty Act and the Song-Beverly Consumer Warranty Act.
If confirmed, the incident would underline the acute vulnerability of third-party legal vendors that process highly sensitive corporate and consumer data. The actor claims the breach contains “every defensive strategy, outside counsel billing rate, and settlement policy” employed by the automotive giant in the United States.
The leaked archive is supposedly complete, containing both operational legal data and personally identifiable information about the customers.
This incident underlines the ever-present danger that supply chain weaknesses pose. While Mercedes-Benz USA has had its share of data exposure incidents in the past, including the incident in 2021 where cloud storage inadvertently leaked data impacting close to 1,000 customers, this particular incident affects the legal supply chain rather than the company's direct corporate infrastructure.
Clearly, the exposure of "confidential MBUSA template/forms" and defensive legal strategies may have lasting implications for continued litigation. The presence of "New Vendor Questionnaire forms" that include banking information introduces other risks, such as BEC or financial fraud aimed at the automaker's vendor network. By the time of this report, neither Mercedes-Benz USA nor Burris & MacOmber LLP has issued an official statement confirming the authenticity of the data. Security analysts advise that customers who have engaged in recent warranty disputes with the manufacturer monitor their credit reports and be wary of phishing attempts referencing their case files.
