Third-Party Breach Exposes Sensitive UK Customer Data, Renault Confirms

Renault, the renowned automobile manufacturer, announced that a third-party service provider experienced a significant data breach, compromising sensitive personal information belonging to its customers in the United Kingdom.

 

French multinational automobile manufacturer, Renault is a major international corporation operating in 128 countries, with its primary market being Europe. The company markets vehicles under several distinct brands, including Renault, Dacia, Alpine, Lada, and Renault Samsung Motors.

 

In a data security incident notice, Renault UK said that one of its third-party service providers suffered a significant data breach, resulting in the compromise of personal information belonging to certain UK-based customers. The service provider immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

 

 

The compromised data included names, gender, phone numbers, email addresses, postal addresses, vehicle identification numbers and vehicle registration numbers. The company added that no financial data or passwords were impacted during the incident.

 

Dacia sent a similar data security incident notice to affected customers confirming the incident.

 

“The third-party has confirmed that this was an isolated incident, which has now been contained and removed. We are working closely with them to ensure that all appropriate actions are being taken. We have notified all relevant authorities,” Dacia said.

 

The incident follows the significant cyber attack on Jaguar Land Rover that forced the company to shut down multiple critical systems, severely disrupting its production and retail operations.

 

A hacking collective known as Scattered Lapsus$ Hunters, which claimed responsibility for a recent cyberattack, has reportedly launched a ransomware group called the “Trinity of Chaos.” This new collective is believed to be connected to the Lapsus$, Scattered Spider, and ShinyHunters groups. Alongside the launch, they unveiled a data leak site listing 39 companies allegedly impacted by the attacks.