InfoSecBulletin Cybersecurity for mankind
Hyundai reported a data breach that impacted car owners in Italy and France and people who booked their test drives. The company has warned that hackers accessed customers’ data.
Hyundai owns roughly 3% of the market shares in Italy and France, selling nearly half a million vehicles a year in Europe.
CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed
ALERT
Thousands of IP addresses compromised nationwide: CIRT warn
New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries
Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks
Critical RCE Flaw Patched in Roundcube Webmail
Hacker claim Leak of Deloitte Source Code & GitHub Credentials
CISA Issued Guidance for SIEM and SOAR Implementation
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora
Australia enacts mandatory ransomware payment reporting
Why Govt Demands Foreign CCTV Firms to Submit Source Code?
As per Twitter reports, the following data has been exposed.
- Physical addresses
- E-mail addresses
- Telephone numbers
- Vehicle data (Chassis numbers)
The breach notification released by Hyundai also mentioned that the threat actor did not steal any financial data or identification numbers.
Hyundai Italy said, “Our IT investigations confirmed that some of our customer data may indeed have been impacted. Specifically, the data includes contact information (such as emails, addresses and telephone numbers) and vehicle data (such as chassis numbers). Neither financial data nor official identification numbers were affected.”
In addition, Hyundai warned their customers that there might be phishing and social engineering attempts, asking them to be vigilant about any unsolicited emails and SMS text that appears to have originated from Hyundai.
As per Hyundai France’s reports, the exposed data has gone to a certain extent, adding First Name, Last name, DOB, telephone, Customer name, postal address, and chassis number.
“As soon as we were notified of the incident, we immediately launched an investigation and implemented all measures to contain it. We turned to the best cybersecurity specialists and our lawyers to support us in handling the incident.”
“We promptly informed the Guarantor for the Protection of Personal Data and among the various security measures adopted, we blocked the server concerned and permanently removed it from the network. We are continuing to work with our IT teams to ensure our systems maintain a high standard of security.”
Hyundai has indicated that both of their data breaches have been informed to the data protection authorities of Europe. They are working with their cyber security and IT teams to rectify this issue.
At this stage, it cannot be concluded how many customers could be affected by this breach, how long the intrusion lasted, or what counties were affected. Further reports from Hyundai will clarify these questions.
