September 04, 2023

Identity Theft Risks in the Auto Industry

Fall is approaching, marking a time of year when the automotive industry experiences  a peak in demand as new car models for the coming year are released. 

With an increase in sales, the data security risks for dealerships can also escalate. Dealerships play a pivotal role in the sales process, handling physical documents and information that could be exploited if not properly safeguarded. Sensitive data includes credit applications, credit card numbers, social security numbers (SSNs), and financing information.

According to the 2022 Shred-it® Data Protection Report (DPR), only 27% of small business leaders (SBLs) surveyed indicated that they collect and destroy sensitive physical materials when no longer needed. These results show the need for dealerships to prioritize the safeguarding of their sensitive physical materials.

To help prevent confidential information from falling into the wrong hands, car dealerships should adopt comprehensive solutions that address digital and physical data security risks.

Eight Data Security Risks and Solutions for the Auto Industry

Small and medium-sized car dealerships may be overlooking the risks of physical information theft. According to the 2022 DPR, while 91% of the SBLs surveyed believed that physical and digital data protection are equally important, 53% of SBLs asserted that digital risks are the greatest data protection risk to their business today. However, as SBLs prioritize digital risks, their organizations are exposed and more vulnerable to physical risks. Shred-it® analyzes some of the most common risks and provides different solutions that can help address these challenges.

Risk #1: Papers Left in the Open

Leaving confidential papers on a desk or counter makes it more accessible for bad actors to simply steal the information, increasing the risk of a data breach. Papers left at print stations or thrown out in unsecured regular trash or recycling bins can pose significant threats. The 2022 DPR highlights that 31% of breaches experienced by survey respondents in 2021 were a result of malicious insiders, making it necessary to have solutions for securely storing and discarding papers that contain sensitive information.


  • Clean Desk Policy: A clean desk policy helps ensure dealership staff shred or contain physical documents and that all technological devices are password protected each time an employee leaves a workspace. A clean desk policy also helps reduce clutter, contributing to an organized workspace in addition to improving the security and confidentiality of information.
  • Shred-it-all Policy: This policy encourages the regular destruction of all documents. It is one of the most effective ways to help prevent physical data breaches from occurring. Make sure to check the documents recommended retention period.  Depending on the record, there may be laws and regulations that dictate which documents need to be kept and for how long. Follow document retention schedules to help keep offices free of clutter and to contribute to information security.

Risk #2: Lack of Employee Training

The 2022 DPR highlights that lack of employee training is a growing concern for small businesses, with 66% of the SBLs surveyed fearing their organization is vulnerable to data breaches. Almost half (48%) of the SBLs surveyed believe employee error is a main source of data breaches. Regular employee training can help dealership employees better understand their role in maintaining information security and the actions to take if a data breach occurs.


  • Ongoing education to employees on recognizing and defending against online scams and other information security best practices.
  • Implement a written data security policy and conduct regular employee training.
  • Use security awareness reminders in the workplace to foster a culture of data security.

Risk #3: Visual Hacking

Visual hacking refers to discreetly using a smartphone to capture confidential information or simply memorizing what one sees. This hacking can occur in a dealership showroom when a salesperson wanders away from their desk. The 2022 DPR reveals that, surpassing the figure of malicious insiders, 55% of breaches experienced by survey respondents in 2021 resulted from malicious outsiders, emphasizing the need to safeguard screens and documents.


  • Provide privacy filters for desktop monitors, laptops, tablets, and smartphones to help protect confidential information from prying eyes.
  • Avoid saving passwords or sensitive data on sticky notes.
  • Enforce a clean desk policy to help ensure papers are in locked cabinets.

Risk #4: DIY Paper Shredding

Paper destruction is a constant necessity for businesses to securely dispose of confidential documents. While some dealerships may consider managing paper destruction internally, there are hidden costs in the do-it-yourself (DIY) approach. Some areas where hidden costs can arise include security, productivity, equipment, and even worker safety.

Solution: Partner with a trusted outside shredding service that uses industrial-grade cross-cut shredding equipment to ensure secure paper destruction.

Risk #5: Stockpile of Old Equipment

In the fast-paced world of technology, where advancements occur rapidly, legacy equipment can become a liability for auto dealerships. If stockpiled instead of securely disposed of, legacy equipment can expose dealerships to heightened vulnerability, serving as potential entry points for security breaches.


Risk #6: Data Collection

Storing data that has no commercial purpose can contribute to an increased security risk for auto dealerships. The more data collected and retained, the higher the potential exposure to security threats.

Solution: Implement a data retention policy, along with encryption and secure data storage, to limit the collection, use, and retention of confidential information to what is necessary for business and regulatory compliance.

Risk #7: Sharing Data with Third Parties

Dealerships often must share confidential customer information with third parties such as insurance companies, consumer reporting companies, financial organizations, and vehicle manufacturers.

Solution: Require third-party companies you work with to confirm their confidentiality and information security standards

Risk #8: Struggle with Regulatory Compliance

Privacy laws and regulations may require organizations to protect certain sensitive data used or generated in the workplace for specific time periods or using particular methodologies. The 2022 DPR emphasizes that while small business leaders see the value of data and information protection regulations, more than half of those surveyed also struggle with compliance due to regulatory changes and a lack of key resources.


  • Stay informed about all the different privacy laws that pertain to the dealership.
  • Implement a compliance checklist and set up appropriate retention and destruction schedules for confidential documents to stay compliant with obligations.

These are just a few risks and solutions the auto industry can face protecting their private information, and it may seem overwhelming. A great solution to this problem is using a trusted professional document and hard drive destruction service like Shred-it® that has a variety of options to best suit any business’ needs.