In a California regulatory filing, the automaker told customers that the bad actors accessed their personal information and, in some cases, redeemed customer reward points.
GM said in the filing, “We believe that unauthorized parties gained access to customer login credentials that were previously compromised on other non-GM sites and then reused those credentials on the customer’s GM account.”