InfoSecBulletin Cybersecurity for mankind
Hyundai reported a data breach that impacted car owners in Italy and France and people who booked their test drives. The company has warned that hackers accessed customers’ data.
Hyundai owns roughly 3% of the market shares in Italy and France, selling nearly half a million vehicles a year in Europe.
SonicWall patched SSLVPN Vuln Allowing Firewall Crashing
GitLab Releases Security Update For Multiple Vulns
ISPAB president “whatsapp” got hacked via phishing link
Zyxel released patches 2 vulns in its USG FLEX H series firewalls
South Korea’s largest SK Telecom Hit by Malware: SIM-related info leaked
ChatGPT Develops Exploit for CVEs Before Public PoCs Share
TP-Link Router Vulns Allow to Execute Malicious SQL Commands
SSL.com’s domain validation system’s bug found: Hacker exploited
Amazon Follows Microsoft’s Lead, Halts Some Data Center Deals
Hackers Exploit Zoom’s Remote Control Feature for System Access
As per Twitter reports, the following data has been exposed.
- Physical addresses
- E-mail addresses
- Telephone numbers
- Vehicle data (Chassis numbers)
The breach notification released by Hyundai also mentioned that the threat actor did not steal any financial data or identification numbers.
Hyundai Italy said, “Our IT investigations confirmed that some of our customer data may indeed have been impacted. Specifically, the data includes contact information (such as emails, addresses and telephone numbers) and vehicle data (such as chassis numbers). Neither financial data nor official identification numbers were affected.”
In addition, Hyundai warned their customers that there might be phishing and social engineering attempts, asking them to be vigilant about any unsolicited emails and SMS text that appears to have originated from Hyundai.
As per Hyundai France’s reports, the exposed data has gone to a certain extent, adding First Name, Last name, DOB, telephone, Customer name, postal address, and chassis number.
“As soon as we were notified of the incident, we immediately launched an investigation and implemented all measures to contain it. We turned to the best cybersecurity specialists and our lawyers to support us in handling the incident.”
“We promptly informed the Guarantor for the Protection of Personal Data and among the various security measures adopted, we blocked the server concerned and permanently removed it from the network. We are continuing to work with our IT teams to ensure our systems maintain a high standard of security.”
Hyundai has indicated that both of their data breaches have been informed to the data protection authorities of Europe. They are working with their cyber security and IT teams to rectify this issue.
At this stage, it cannot be concluded how many customers could be affected by this breach, how long the intrusion lasted, or what counties were affected. Further reports from Hyundai will clarify these questions.
