InfoSecBulletin Cybersecurity for mankind
Hyundai reported a data breach that impacted car owners in Italy and France and people who booked their test drives. The company has warned that hackers accessed customers’ data.
Hyundai owns roughly 3% of the market shares in Italy and France, selling nearly half a million vehicles a year in Europe.
Delay patching leaves about 50,000 Fortinet firewalls to zero-day attack
Daily Security Update Dated: 21.01.2025
126 Linux kernel Vulns Allow Attackers Exploit 78 Linux Sub-Systems
CERT-UA alerts about “security audit” requests through AnyDesk
Oracle Critical Pre-Release update addressed 320 flaw
OWASP Reveils Top 10 Smart Contract Vulnerabilities for 2025
Multiple Azure DevOps Vulns Allow To Inject CRLF Queries & Rebind DNS
Intel holds 22 employees from one Bangladeshi University
VPN Surge 1500% in USA after TikTok Shut Down
MITRE Launches D3FEND 1.0; The Milestone for Cybersecurity Ontology
As per Twitter reports, the following data has been exposed.
- Physical addresses
- E-mail addresses
- Telephone numbers
- Vehicle data (Chassis numbers)
The breach notification released by Hyundai also mentioned that the threat actor did not steal any financial data or identification numbers.
Hyundai Italy said, “Our IT investigations confirmed that some of our customer data may indeed have been impacted. Specifically, the data includes contact information (such as emails, addresses and telephone numbers) and vehicle data (such as chassis numbers). Neither financial data nor official identification numbers were affected.”
In addition, Hyundai warned their customers that there might be phishing and social engineering attempts, asking them to be vigilant about any unsolicited emails and SMS text that appears to have originated from Hyundai.
As per Hyundai France’s reports, the exposed data has gone to a certain extent, adding First Name, Last name, DOB, telephone, Customer name, postal address, and chassis number.
“As soon as we were notified of the incident, we immediately launched an investigation and implemented all measures to contain it. We turned to the best cybersecurity specialists and our lawyers to support us in handling the incident.”
“We promptly informed the Guarantor for the Protection of Personal Data and among the various security measures adopted, we blocked the server concerned and permanently removed it from the network. We are continuing to work with our IT teams to ensure our systems maintain a high standard of security.”
Hyundai has indicated that both of their data breaches have been informed to the data protection authorities of Europe. They are working with their cyber security and IT teams to rectify this issue.
At this stage, it cannot be concluded how many customers could be affected by this breach, how long the intrusion lasted, or what counties were affected. Further reports from Hyundai will clarify these questions.
