On July 8, 2024, the Maine Office of the Attorney General reported a data breach involving General Motors (GM) that occurred between May 18, 2024, and May 20, 2024, affecting 65 GM MyAccounts, including two Maine residents. The breach involved unauthorized logins likely using compromised credentials from external sites, potentially exposing limited personal information such as names, addresses, and last four digits of payment cards, though no evidence indicates GM's login information was obtained.
TPRM report: https://www.rankiteo.com/company/general-motors
"id": "gen513072825",
"linkid": "general-motors",
"type": "Breach",
"date": "5/2024",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'customers_affected': 65,
'industry': 'Automotive',
'location': 'Global',
'name': 'General Motors',
'type': 'Corporation'}],
'attack_vector': 'Compromised Credentials',
'data_breach': {'number_of_records_exposed': 65,
'personally_identifiable_information': ['Names', 'Addresses'],
'sensitivity_of_data': 'Limited Personal Information',
'type_of_data_compromised': ['Names',
'Addresses',
'Last four digits of payment '
'cards']},
'date_detected': '2024-07-08',
'date_publicly_disclosed': '2024-07-08',
'description': 'Unauthorized logins to GM MyAccounts using compromised '
'credentials from external sites, potentially exposing limited '
'personal information.',
'impact': {'data_compromised': ['Names',
'Addresses',
'Last four digits of payment cards']},
'initial_access_broker': {'entry_point': 'Compromised Credentials'},
'post_incident_analysis': {'root_causes': 'Compromised Credentials from '
'External Sites'},
'references': [{'date_accessed': '2024-07-08',
'source': 'Maine Office of the Attorney General'}],
'title': 'General Motors Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Weak or Reused Passwords'}