Open in app

Sign in

Write

Sign in

Schedules, Orders, and Inventory: The Dealership Information Horde that Thieves Can’t Wait to Steal

Eyewitness Surveillance
Information Risk Management
Published in
4 min readSep 29, 2017

The recent Equifax security breach has left millions of Americans at risk of identity theft — but they’re not the only business with a treasure pile of information. Your dealership collects and hordes business, employee, and customer information. More than just email addresses or Social Security numbers, your dealership’s schedules, lists, and customer notes could put your business — and your people — at risk to theft and identity thieves.

Before you can protect your information from a breach like Equifax’s, however, you must know what and where the important information is at your dealership.

Dealership-Specific Information

Your dealership’s internal databases hold a wealth of company-specific information. Each department contains a goldmine’s worth of data for hackers and would-be thieves — and it’s not all bank account numbers.

Inventory: Tracking and Ordering

You’re ordering tons of parts and equipment from the factory to supply your service department. Plus, you’ve got those quarterly vehicle requests.

Even if someone doesn’t slip in an extra model or easily fencible supplies, knowing inventory shipping schedules is a boon to thieves. It’d offer enough information for an experienced crook to slip in and out during the loading process.

Vendor Information

Your contact and account information for the various vendors with which your company does business could make it incredibly easy for a criminal to assume your company’s identity. All they’d have to do is send an email to your vendor and order something on your account before you can reconcile the account.

(And if you think that’s alarmist, it happens more often than you’d think. In June 2017, an “email trickster” fooled a senior cyber security advisor — of all people! — into thinking he was the president’s son. The advisor then released classified information to this civilian. The prankster told reporters that he wouldn’t do it again, but that the White House “needs to tighten up IT policy.”)

Employee Schedules

If your internal schedule becomes public — particularly if it lists security guard shifts — then thieves will know exactly when and where to hit your dealership for the maximum return on their efforts.

This summer, we heard about a dealership that was caught off-guard — literally — when thieves tracked the on-site guards’ schedules. They stole dashboard electronics from cars on the lot… on a night when guards weren’t on duty.

Payroll Data and Sales Figures

How much you pay your employees — and how much cash you take in on a given day — will inform future hits on your business. Companies that are doing well can expect a future visit from a strike-while-the-iron’s hot sort of criminal.

And if that criminal has a real-time feed of internal communications, listening and watching for big sales days and patterns? Well, they’ll be at your doorstep sooner than you’d think.

Employee Information

Your dealership contains vital information about your employees that, if retrieved by hackers, could put them at risk of financial ruin.

A quick “hit list” of vital information from your employees includes:

  • Full legal name, birthdate, physical and mailing address, and Social Security number — all enough to form a convincing fake identity in the hands of a forger.
  • Bank account information and various payroll data
  • Possible medical information like noted absences to visit primary care physicians or specialists. A desperate drug dealer could use this information to obtain opiates or pain killers from employee residences.
  • Access permissions to various areas of the dealership, which could tell them whose keys they should “borrow” unnoticed.

Customer Information

The metaphorical Holy Grail of information is neatly filed away in your customer records. This information is what most unimaginative hackers will be after when they access your system.

Every scrap of information you collect, from the initial visit to your website to their final signature on the dotted line, is valuable to a hacker in some way. However, these are the most valuable pieces of customer information you have:

  • Customers’ full legal name and aliases
  • Birthdates
  • Social Security numbers
  • Valid email address
  • Phone numbers for home, work, and cell
  • Financial information, including but not limited to:
  • Bank account numbers
  • Credit score and history
  • Pay stubs
  • Current & previous employer information
  • Copies of their driver’s license and car insurance

… All that, in addition to miscellaneous data collected throughout the customer’s relationship with your dealership. A service manager’s notes about how often a customer gets their oil changed, for example, could lead a crook to show up around their “regular” time, impersonating them to unsuspecting salespeople.

Between the dealership, its employees, and your customers, you’ve collected a lot of information to protect — and a lot at stake if you don’t. We’ll talk more about specific ways to protect your data in future articles and guides. For now, however, be aware of just what your dealership holds, and how criminals could use that information against yourself and your people.

Originally published at Eyewitness Surveillance.

Identity Theft
Risk Management
Security Trends
Information Security
IoT

--

--

Eyewitness Surveillance
Information Risk Management

Written by Eyewitness Surveillance

24 Followers
Editor for

We stop theft before it happens through cutting-edge live video surveillance and sophisticated analytics with the best people in the business.

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams