British customers of automakers Renault and Dacia have been notified that their personal data has been compromised. It is reported that the leak occurred at a third-party contractor.
The French automaker (Dacia is Renault’s subsidiary brand), which employs more than 170,000 people and has an annual production of 2.2 million vehicles, reported that the leak affected only customers of its UK divisions. It emphasized that the incident was linked to an unnamed third-party contractor, and Renault’s own systems were not compromised.
“We regret to inform you that one of our partners suffered a cyberattack, as a result of which personal data of some Renault UK customers was stolen from its system,” the company’s notice says.
The compromised data that ended up in the hackers’ hands includes:
- full name;
- gender;
- phone number;
- email address;
- postal address;
- vehicle identification number (VIN);
- license plate number.
This set of data could be used by malicious actors for phishing attacks, fraud, and social engineering schemes. Renault emphasizes that customers’ banking and financial information was not compromised.
The company adds that the affected contractor has contained the incident and eliminated the threat within its networks. British regulators, including the Information Commissioner’s Office (ICO), have already been notified of the cyberattack.
Customers are advised to remain vigilant, not to respond to suspicious calls and emails, and not to share their passwords with anyone.