On August 16, 2024, GoKeyless, a provider of electronic keyless entry systems, identified unauthorized access to its information systems. The breach was found to have occurred between June 25, 2024, and August 16, 2024, facilitated through compromised user credentials. Although no evidence confirms the misuse of sensitive information, GoKeyless cannot definitively rule out the possibility of data being viewed or exfiltrated by the threat actor. Out of caution, the company has notified affected individuals of the incident.
The data potentially accessed includes first and last names, postal addresses, and credit card details, including CVV numbers. GoKeyless has assured customers that there is no conclusive evidence of exfiltration or misuse of this information. However, the company has chosen to inform impacted individuals to ensure they remain vigilant against potential identity theft or fraud. Notifications have been sent to ensure transparency and to provide guidance on protective measures.
In response to the breach, GoKeyless engaged third-party forensics and cybersecurity experts to investigate and mitigate the issue. Immediate steps were taken to contain the incident, including securing systems and implementing enhanced cybersecurity measures. The company also introduced employee training and administrative controls to reduce the risk of future breaches. Efforts to improve the company’s cybersecurity framework remain ongoing, guided by expert recommendations.
GoKeyless continues to monitor its systems closely for unusual activity and has implemented both technical and administrative safeguards. These measures are designed to protect customer data and prevent similar incidents in the future. By communicating openly about the breach and adopting improved security protocols, GoKeyless aims to rebuild trust with its customers while strengthening its defense against evolving cybersecurity threats.
Reference:
