Renault UK is informing customers that their personal data may have been compromised following a cyberattack on one of its third-party service providers. In an email sent to customers and seen by Hackread.com, the automaker says that while its own systems were not breached, attackers gained access via the external provider.
It is unclear exactly how many customers have been impacted. According to the email, the exposed data could include:
- Gender
- Phone number
- Email address
- Postal address
- First name and surname
- Vehicle registration number
- Vehicle Identification Number (VIN)
Renault emphasises that it holds no bank or financial account details, and thus those remain unaffected by the breach.
What Renault is Doing Now
The company states the incident was isolated, has since been contained, and appropriate remediation steps are underway. Renault says it is cooperating with the third-party provider and has notified relevant authorities. The firm insists none of its own internal systems were compromised.
Renault also warns recipients to remain alert against unsolicited contacts seeking personal information, and stresses that it will never ask for passwords over email or phone.
Rising Cyber Risks in the Automotive Sector
This incident comes amid a sudden increase in cyberattacks affecting automakers and suppliers. In September 2025, Jaguar Land Rover (JLR) suffered a major cyberattack that disrupted production and forced the company to disable key systems.
In another incident, Stellantis, the maker of Fiat, Jeep, Dodge, Maserati, Peugeot and others, recently disclosed that a third-party service provider’s systems were hacked, exposing customer contact data, excluding financial details.
Supply-chain and third-party attacks are becoming more common targets, as attackers use weaker links to gain access to larger companies. The fact that Renault’s breach reportedly came via a contractor reflects that trend.
