A threat actor known as “zestix” has claimed responsibility for a significant data breach affecting Mercedes-Benz USA (MBUSA), allegedly exfiltrating 18.3 GB of sensitive legal and customer information.
The leaked dataset purportedly originates from Burris & MacOmber LLP, a law firm identified by the hacker as the “National Coordinating Counsel” for MBUSA’s lemon law and warranty litigation.
The threat actor posted the dataset for sale on a dark web forum, pricing the complete archive at $5,000. According to the listing, the breach exposes a wide array of internal documents, spanning active and closed litigation files from 48 U.S. states.
According to ThreatMon, which spotted the claim, the leak appears to target the legal infrastructure supporting Mercedes-Benz’s defense against consumer warranty claims, specifically those brought under the Magnuson-Moss Warranty Act and the Song-Beverly Consumer Warranty Act.
If verified, this incident highlights the critical vulnerability of third-party legal vendors who process highly sensitive corporate and consumer data. The actor claims the breach includes “every defensive strategy, outside counsel billing rate, and settlement policy” utilized by the automotive giant in the United States.

The leaked archive is allegedly comprehensive, containing both operational legal data and Personally Identifiable Information (PII) of customers. The following table details the specific types of files listed in the threat actor’s manifesto:
This incident underscores the persistent risk posed by supply chain vulnerabilities. While Mercedes-Benz USA has faced data exposure incidents in the past, such as the inadvertent cloud storage leak in 2021 that affected nearly 1,000 customers, this specific event targets the legal supply chain rather than the company’s direct corporate infrastructure.
The exposure of “confidential MBUSA template/forms” and defensive legal strategies could have lasting ramifications for ongoing litigation. Furthermore, the inclusion of “New Vendor Questionnaire forms” containing banking details raises concerns about potential business email compromise (BEC) or financial fraud targeting the automaker’s vendor network.
At the time of this report, neither Mercedes-Benz USA nor Burris & MacOmber LLP has issued an official statement confirming the authenticity of the data. Security analysts recommend that customers involved in recent warranty disputes with the manufacturer monitor their credit reports and remain vigilant against phishing attempts referencing their case files.
