Personal data of 14,000 BMW customers in Hong Kong leaked

The privacy watchdog said on Thursday it received a notification of a data breach from the company on July 18 and had advised it to alert affected individuals as soon as possible.

BMW’s contractor for handling customers’ data, Sanuker, notified the watchdog on Wednesday of the data breach.

The Office of the Privacy Commissioner for Personal Data is investigating the incident and has yet to receive any related inquiries or complaints.

Michael Gazeley, 57, a customer who owns two BMW iX electric vehicles, said he was furious as the company had not contacted potentially affected clients but only posted a brief notice on its website.

“It’s a pretty serious breach where a lot of confidential data has gone. And there could be all sorts of consequences for fraud for all kinds of scams based on the customer information,” said Gazeley, who works in the cybersecurity field.

“And I find it outrageous that they demand so much data from their customers. In this ever increasing problem, organisations are demanding that we give up every aspect of our privacy for them to put in their database, but they’re not securing it.”

He added that hackers, by using different data breaches, could end up gathering victims’ addresses, phone numbers, driving permit details and even their children’s school information.

BMW said it took the privacy of its customers seriously and had bolstered security measures to further safeguard its system.