Company does not offer complimentary identity protection

May 28, 2015 17:13 GMT  ·  By

A data breach targeting Copart.com automobile auction website left driver’s license numbers of its members exposed to cybercriminals, along with other personal information and account login credentials.

Founded in 1982 by Willis Johnson, the business has a global presence with 160 locations in Europe, Middle East, North America and South America. At the moment of writing, it reports over 100,000 vehicles on sale. According to third quarter 2015 financial results, the company recorded a revenue of $297 / €272 million.

Personally identifiable information exposed

The company discovered on March 31 that its computer systems were breached by an unknown attacker, who gained access to sensitive information belonging to its members.

The data exposed in the incident includes names, addresses, driver’s license numbers, telephone numbers, e-mail addresses, and the login credentials for the Copart.com account.

The number of affected users, or the method employed by the perpetrators to reach this data have not been disclosed.

With this personally identifiable information in hand, cybercriminals could devise fraudulent emails that could cause financial losses to victims. The attacks could be customized, considering the origin of the pilfered data.

Copart advises users to change account password

Crooks can use driver’s license numbers in combination with the names and addresses of the victims to create fake identification that can be sold or used for nefarious purposes, including identity theft, or committing crimes that would trace back to the victim. A driver’s license can be used to check into hotels, rent cars or other services.

Copart recommends its members to change the password for their account, as well as for other online services, if the same string is used. Cybercriminals often run credentials from a data breach through multiple online services in an effort to get the most out of breach.

“We deeply regret any inconvenience or concern this may have caused. To prevent this from happening again,” Copart said in a letter to affected users, adding standard information on how to protect against credit fraud.