Threat actor claims sale of Mercedes-Benz USA legal and customer data after alleged 18.3 GB breach

A threat actor using the alias “zestix” has claimed responsibility for an extensive data breach impacting Mercedes-Benz USA, posting 18.3 GB of alleged legal and customer information for sale on a dark web forum. The actor priced the full dataset at 5,000 dollars and stated that it contains internal documents tied to active and closed litigation across 48 U.S. states.

Mercedes-Benz USA, a major automotive manufacturer known for its luxury vehicles, appears to have been targeted through third-party legal infrastructure rather than its primary corporate systems. The exposed material is described as legal records connected to the company’s defense against consumer warranty claims involving the Magnuson-Moss Warranty Act and the Song-Beverly Consumer Warranty Act. The actor asserts that the archive includes defensive strategies, outside counsel billing rates, settlement guidelines, and other sensitive operational legal data, along with personally identifiable information belonging to customers.

The listing suggests that the breach affects legal vendors supporting the automaker, underscoring ongoing concerns about supply chain vulnerabilities that expose corporate and consumer data. The dataset allegedly contains confidential Mercedes-Benz USA templates, forms, and internal workflows, which may influence current or future litigation if verified. The presence of New Vendor Questionnaire forms with banking information raises additional concerns about potential financial fraud or business email compromise attempts aimed at the company’s vendor network.

Mercedes-Benz USA experienced a separate data exposure event in 2021 involving misconfigured cloud storage, but that incident affected a smaller number of customers and did not involve the company’s legal ecosystem. The current claim, if authenticated, reflects a different type of risk centered on external partners handling sensitive legal and financial information.

No official confirmation of the breach has been issued by Mercedes-Benz USA or Burris & MacOmber LLP, a firm referenced within the claimed documents. Security professionals recommend that individuals involved in recent warranty-related disputes with the automaker monitor their financial accounts and remain alert to targeted phishing efforts referencing case details.