Europcar confirms data breach following GitLab repository compromise

Europcar Mobility Group, a global leader in car rental services, has confirmed a data breach following a cyberattack on its GitLab repositories. The incident, which came to light in late March 2025, has potentially compromised sensitive information of up to 200,000 customers, primarily users of its Goldcar and Ubeeqo brands.

A threat actor using the alias "Europcar" surfaced on an underground forum, claiming to have successfully breached the company’s systems and exfiltrated its entire GitLab codebase. The hacker alleged they stole more than 9,000 SQL files containing personal data, alongside 269 environment configuration (.ENV) files used to store application credentials and infrastructure details. Europcar later confirmed the authenticity of the breach to BleepingComputer, though it disputed the claim that all of its repositories were compromised, clarifying that a portion of its source code remained intact.

Screenshots released by the attacker appear to show exposed credentials embedded in the stolen code, adding credibility to the breach claims. The company has since launched an internal investigation and is working to assess the scope and impact of the intrusion.

Initial reports suggest that the stolen data includes names and email addresses of Goldcar and Ubeeqo customers generated between 2017 and 2020. Critically, no payment information, passwords, or highly sensitive identifiers such as driver’s license numbers were reported to be included in the breach. Europcar stated that all affected individuals are being notified, and the relevant data protection authority has also been informed.

The method by which the attacker gained access to the GitLab environment has not yet been determined. However, industry experts speculate that the breach could have originated from phishing attacks, credential theft via infostealer malware, or brute-force attempts—though the first two are considered more plausible.

The threat actor reportedly attempted to extort Europcar by threatening to release 37GB of stolen data, which allegedly includes backups, cloud infrastructure details, and source code for Android and iOS applications. It remains unclear whether Europcar engaged in negotiations or paid any ransom.

This breach follows a series of past security concerns for Europcar. In 2022, a security researcher discovered an exposed admin token within the mobile app codebase, which could have allowed unauthorized access to sensitive customer data. Additionally, in 2024, the company was the subject of a false breach claim involving an alleged dataset of nearly 50 million customer records—a report that was later debunked.

As one of the world’s largest car rental companies, Europcar Mobility Group operates in 140 countries across Europe, North America, Asia, and Africa under several well-known brands, including Europcar, Goldcar, and Ubeeqo. Its expansive global footprint and customer base make it a high-value target for cybercriminals.