A story in The Columbus Dispatch and other news media report that American Honda Motor Co. has told some 2.2 million of its Honda and 2.7 million of its Acura owners that their email addresses have been potentially compromised because of a security breach at a Honda vendor. In addition, the login names, e-mail addresses and vehicle-identification numbers of the Honda owners were also likely compromised.
Honda is suggesting that those affected change the passwords to their accounts, and to watch out for phishing attacks:
"Be cautious of unsolicited emails requesting personal information. Often, these communications can look official. American Honda Motor Co., Inc. will not send emails requesting social security or credit card numbers or other personal information."
There is speculation that the breach is related to the Silverpop breach that was disclosed a few weeks ago and affected McDonald's, among others.
If it is, the question is why has it taken Honda so long to disclose the breach?
Robert N. Charette is a Contributing Editor to IEEE Spectrum and an acknowledged international authority on information technology and systems risk management. A self-described “risk ecologist,” he is interested in the intersections of business, political, technological, and societal risks. Charette is an award-winning author of multiple books and numerous articles on the subjects of risk management, project and program management, innovation, and entrepreneurship. A Life Senior Member of the IEEE, Charette was a recipient of the IEEE Computer Society’s Golden Core Award in 2008.