BMW Financial Services NA Impacted in the AIS InfoSource Data Breach

On Feb. 18, 2025, BMW Financial Services NA, LLC learned of a data breach that affected 1,952 people in the United States, including two in Maine, according to a public disclosure filed with the Maine Attorney General. The incident originated not from BMW Financial Services’ own systems, but from AIS InfoSource LP, a third-party vendor providing monitoring and processing services for BMW Financial Services and its affiliates.

AIS detected suspicious activity in its network on Feb. 17, 2025, and immediately began investigating with the help of external forensic specialists. The investigation revealed that an unauthorized actor gained access to AIS’s systems between Feb. 16 and Feb. 21, 2025. During this window, the attacker exfiltrated a limited subset of data used in connection with legal monitoring services for BMW Financial Services accounts.

The exposed information includes names, Social Security numbers, credit and debit card numbers, bank account numbers, email addresses, passport numbers and medical ID numbers.

AIS completed a comprehensive review to determine the scope of the compromised data and the individuals impacted. By May 15, 2025, they had identified affected individuals and began gathering contact information to provide direct notice. Written notifications to impacted consumers were sent on July 2, 2025.

The breach is considered severe due to the nature of the data exposed and the potential for misuse. However, it is important to note that BMW Financial Services NA, LLC’s own systems and databases were not directly compromised; the incident was limited to AIS’s environment.

BMW Financial Services' response

In response to the incident, AIS and BMW Financial Services NA, LLC took immediate steps to secure the affected network and strengthen security measures. Additional technical safeguards have been implemented to prevent similar incidents in the future.

To support those affected, AIS is offering complimentary credit monitoring and identity restoration services through Equifax for up to 24 months. Impacted individuals are encouraged to enroll in these services by following the instructions provided in their notification letter. The deadline to enroll is included in the notice.

Given the sensitive nature of the information involved, those affected should remain vigilant for signs of identity theft or fraud. It is recommended to:

• Review account statements and credit reports regularly for suspicious activity
• Take advantage of the free credit monitoring and identity restoration services offered
• Consider placing a fraud alert or credit freeze with the major credit bureaus
• Promptly report any suspected identity theft to financial institutions and law enforcement

AIS and BMW Financial Services NA have provided a dedicated call center at 855-361-0323 for questions and further assistance.