Ford Motor Credit, the financing arm of the car company, sent certified letters to all of the consumers involved cautioning them to be on the alert for signs of identity theft.
The hackers accessed an Experian database and downloaded the information, which included Social Security numbers, addresses, account numbers, creditor names and payment history -- everything needed to commit credit fraud.
"There was fraud perpetrated on these consumers, on Experian and on Ford Credit," Richard Van Leeuwen, Ford Credit executive vice president, was quoted as telling the Detroit News.
Ford apparently was contacted by Experian in February after the agency received numerous calls about unauthorized credit checks, which appeared as though they were made by Ford Credit's Grand Rapids, Mich., office.
FBI special agent Dawn Clenney told the Associated Press that the matter is under investigation but declined to give details.
Ford Credit said in a letter to the victims that the hackers used an authorization code from Ford Credit to get the credit reports from Experian, one of the top three major reporting agencies.
Ford Credit spokesman Dan Jarvis told InternetNews.com that it was the Experian credit reporting system that was hacked. "We don't have a system in which we keep people's credit reports," he said.
Only about 400 Ford Credit customers had data stolen, but the company decided to alert all of the victims by certified mail, Jarvis said. Once into the system, the thieves took data on residents of more affluent areas around the country.
How did it happen? "There are theories, but we're waiting for the FBI to tell us," Jarvis said. "They left a footprint that said Ford Credit was there ... we made a decision that these folks should know."
"This is not just a credit card number; this is the whole kazoo," Richard Power, the editorial director for the Computer Security Institute, an industry trade group, told the New York Times. "A criminal could use the data to make credit card charges or even open bank and credit card accounts in the victim's name."
Experian, which had no immediate comment, is a subsidiary of GUS plc and has headquarters in Nottingham, UK, and Costa Mesa, Calif.
Collaboration 2.0: Death of the Web Conference (As We Know It) Employees are spending more time in meetings now more than ever before, yet the vast majority of the modern workforce gets little or no value out...
How Moving Your Contact Center to the Cloud Eliminates Risk: A New Way of Evaluating Cloud TCO Tuesday, September 30, 2014 11:30 AM EDT / 16:30 BST The total cost of ownership (TCO) debate between a premises and cloud decision continues to...
Disk Encryption + Endpoint Backup: Before You Lock it Down, Back it Up Full disk encryption is the ultimate data guardian on corporate endpoints. But when deployed without endpoint backup, it can also be the ultimate...
Get Prepared for the Holiday Rush Now is when e-retailers want to put the finishing touches on readying their e-commerce platforms for the all-important holiday shopping season. For...