A threat actor named “zestix” claims to have breached Mercedes-Benz USA’s legal infrastructure, exfiltrating 18.3 GB of sensitive data, which is now being sold on a dark web forum for $5,000. This alleged leak, which targets documentation related to consumer warranty defense, reportedly includes confidential legal strategies, vendor banking details, and customer Personally Identifiable Information (PII).
A threat actor known as “zestix” has publicly claimed responsibility for a major data breach targeting Mercedes-Benz USA (MBUSA). The actor alleges they exfiltrated 18.3 GB of highly sensitive legal and customer information, posting the complete dataset for sale on a dark web forum with a price tag of $5,000. The listing indicates that the archive exposes a vast collection of internal litigation files, spanning active and closed cases from 48 U.S. states, and emphasizes that the compromise was focused on the legal supply chain supporting the automotive giant.
The specific target of the breach, according to analysis by ThreatMon, appears to be the legal infrastructure supporting Mercedes-Benz’s defense against consumer warranty claims, particularly those filed under the Magnuson-Moss Warranty Act and the Song-Beverly Consumer Warranty Act. If this claim is verified, it would underscore a critical vulnerability in third-party legal vendors who handle and process extremely sensitive corporate and consumer data on behalf of large organizations. The threat actor further boasted that the compromised data includes “every defensive strategy, outside counsel billing rate, and settlement policy” used by MBUSA in the United States, giving a potential adversary an unprecedented look into the company’s legal operations.
The allegedly leaked archive is comprehensive in its scope, reportedly containing a mixture of operational legal data and Personally Identifiable Information (PII) belonging to customers. This incident highlights the persistent and growing risk posed by vulnerabilities within the supply chain. While MBUSA has dealt with data exposure issues in the past, such as an inadvertent cloud storage leak in 2021, this current event is distinct because it targets the legal network rather than the company’s direct, primary corporate infrastructure.
The exposure of “confidential MBUSA template/forms” and a complete playbook of defensive legal strategies could have profound and lasting negative ramifications for the automaker’s ongoing litigation efforts. Furthermore, the inclusion of “New Vendor Questionnaire forms” that contain banking details raises serious concerns beyond simple data exposure, opening the door for potential business email compromise (BEC) schemes or other forms of financial fraud directed at the automaker’s network of vendors and partners.
At the present time, neither Mercedes-Benz USA nor the named outside counsel, Burris & MacOmber LLP, has released any official statement to confirm or deny the authenticity of the purported data. In light of the claim, security analysts are advising customers who have been involved in recent warranty disputes with the manufacturer to immediately increase their vigilance. This includes rigorously monitoring their credit reports for suspicious activity and being particularly wary of any phishing attempts that reference specific details from their case files.
Reference:
