A threat actor operating under the alias "zestix" has allegedly breached the legal infrastructure supporting Mercedes-Benz USA (MBUSA), claiming to have exfiltrated approximately 18.3 GB of highly sensitive data. The archive, which has been listed for sale on a dark web forum for a relatively low price of $5,000, reportedly contains critical legal documents, defense strategies, and customer Personally Identifiable Information (PII).
According to threat intelligence firm ThreatMon, which first identified the listing, the breach appears to target the third-party legal framework Mercedes-Benz uses to defend against consumer warranty claims. The leaked dataset specifically references litigation involving the Magnuson-Moss Warranty Act and the Song-Beverly Consumer Warranty Act—federal and state laws governing consumer product warranties.
The threat actor claims the stolen data encompasses "every defensive strategy, outside counsel billing rate, and settlement policy" used by the automaker in the United States. If verified, this exposure would provide opposing counsel and potential fraudsters with an unprecedented look into the company's internal legal playbook, covering active and closed litigation files across 48 states.
Beyond legal strategy, the alleged leak poses significant financial and privacy risks. The archive reportedly includes "New Vendor Questionnaire forms" containing banking details, which raises immediate concerns about potential Business Email Compromise (BEC) attacks and financial fraud targeting Mercedes-Benz's vendor network.
Furthermore, the inclusion of customer PII linked to warranty disputes places consumers at risk of identity theft and targeted phishing campaigns. Security analysts warn that affected customers—particularly those involved in recent legal disputes with the manufacturer—should aggressively monitor their credit reports and remain vigilant against communication referencing their specific case files.
This incident underscores the growing danger of supply chain attacks, where hackers target third-party vendors to access the data of larger corporations. While Mercedes-Benz USA experienced an inadvertent cloud storage leak in 2021 affecting nearly 1,000 customers, this new incident suggests a direct compromise of external legal partners rather than the company’s core infrastructure.
As of this report, neither Mercedes-Benz USA nor the mentioned legal firm, Burris & MacOmber LLP, have released official statements confirming the data's authenticity. However, the specificity of the claimed data—including confidential templates and billing rates—suggests a potentially serious breach of attorney-client privilege and corporate confidentiality.