InfoSecBulletin Cybersecurity for mankind
Hyundai reported a data breach that impacted car owners in Italy and France and people who booked their test drives. The company has warned that hackers accessed customers’ data.
Hyundai owns roughly 3% of the market shares in Italy and France, selling nearly half a million vehicles a year in Europe.
B1ack’s Stash Releases 1 Million Credit Cards on a Deep Web Forum
Cisco Confirms
Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks
AWS Key Hunter
Test this free automated tool to hunt for exposed AWS secrets
Check Point Flaw Used to Deploy ShadowPad and Ransomware
CVE-2024-12284
Citrix Issues Security Update for NetScaler Console
CISA and FBI ALERT
Ghost ransomware to breach organizations in 70 countries
Hacker chains multiple vulns to attack Palo Alto Firewall
150 Gov.t Portal affected
Black-Hat SEO Poisoning Indian “.gov.in, .ac.in” domain
CVE-2018-19410 Exposes 600 PRTG Instances in Bangladesh
Builder claims Rs 150 cr for data loss; AWS faces FIR In Bengaluru
As per Twitter reports, the following data has been exposed.
- Physical addresses
- E-mail addresses
- Telephone numbers
- Vehicle data (Chassis numbers)
The breach notification released by Hyundai also mentioned that the threat actor did not steal any financial data or identification numbers.
Hyundai Italy said, “Our IT investigations confirmed that some of our customer data may indeed have been impacted. Specifically, the data includes contact information (such as emails, addresses and telephone numbers) and vehicle data (such as chassis numbers). Neither financial data nor official identification numbers were affected.”
In addition, Hyundai warned their customers that there might be phishing and social engineering attempts, asking them to be vigilant about any unsolicited emails and SMS text that appears to have originated from Hyundai.
As per Hyundai France’s reports, the exposed data has gone to a certain extent, adding First Name, Last name, DOB, telephone, Customer name, postal address, and chassis number.
“As soon as we were notified of the incident, we immediately launched an investigation and implemented all measures to contain it. We turned to the best cybersecurity specialists and our lawyers to support us in handling the incident.”
“We promptly informed the Guarantor for the Protection of Personal Data and among the various security measures adopted, we blocked the server concerned and permanently removed it from the network. We are continuing to work with our IT teams to ensure our systems maintain a high standard of security.”
Hyundai has indicated that both of their data breaches have been informed to the data protection authorities of Europe. They are working with their cyber security and IT teams to rectify this issue.
At this stage, it cannot be concluded how many customers could be affected by this breach, how long the intrusion lasted, or what counties were affected. Further reports from Hyundai will clarify these questions.
