Hyundai confirmed on Twitter that a third party accessed information from a customer database, but has not revealed the scale of the breach.
Car manufacturer Hyundai has suffered a data breach that has exposed sensitive customer details, according to emails shared on Twitter.
Several users have shared images of an email notifying them of a data breach. It is unclear how large the scale of the breach is, but Italian and French customers are confirmed to have been impacted by Hyundai.
Just received an email from @Hyundai_Italia (@Hyundai_Global) notifying me about a data breach for my account. Looks like a third party accessed their databases containing sensitive data.
As an Engineer primarily dealing with security and infrastructure, I'm so disappointed! pic.twitter.com/d04vXasadH
— Nicholas Valbusa (@squallstar) April 12, 2023
In a response to one impacted customer, Hyundai’s French account said that an “unauthorised third party” accessed information from its customer database. Hyundai’s Italian account shared similar details to another impacted customer.
“Among the various security measures implemented, we have blocked the affected server and permanently removed it from our network,” the Hyundai account said.
The email, sent by Hyundai Italia, said the breached data includes contact information such as emails, addresses and telephone numbers. The stolen data also includes vehicle information, but Hyundai said financial data was not impacted.
Hyundai has not responded to requests for comment or further details about the data breach.
Attacks on the motor industry
This data breach follows a recent ransomware attack on luxury sports car maker Ferrari, which also led to customer details being stolen. Ferrari said it immediately started an investigation and refused to pay any ransom.
Uber recently revealed it suffered another data breach as a result of private driver data being stolen from a third-party law firm.
Martin Mackay, CRO at cybersecurity company Versa Networks, said the motor industry is an “attractive target for cybercriminals” due to the large amount of personal identifiable information (PII) that it holds.
“The theft of PII can have serious consequences for individuals, as it can be sold on the dark web or used to commit identity fraud and theft,” Mackay said. “Those affected by these breaches should be vigilant in watching out for phishing emails and text messages over the next few weeks.”
10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.