Hyundai has disclosed a data breach impacting Italian and French car owners and those who booked a test drive, warning that hackers gained access to personal data.
Hyundai is a multinational automotive manufacturer selling over half a million vehicles per year in Europe, with a market share of roughly 3% in France and Italy.
According to multiple reports on Twitter and a sample of the notice shared by “HaveIBeenPwned” creator Troy Hunt, the incident has exposed the following types of data:
- E-mail addresses
- Physical addresses
- Telephone numbers
- Vehicle chassis numbers
The letter also clarifies that the hacker who accessed Hyundai’s database did not steal financial data or identification numbers.
Hyundai says they engaged IT experts in response to the incident, who have taken the impacted systems offline until additional security measures are implemented.
In the same communication, the South Korean car brand warns its customers to be cautious with unsolicited e-mails and SMS texts claiming to originate from them, as they could be phishing and social engineering attempts.
“Although there is no evidence that the data concerned have been used for fraudulent purposes, out of extreme caution, we invite you to pay particular attention and to verify any contact attempt via e-mail, mail and/or text message that may appear to come from Hyundai Italia or by other entities of the Hyundai Group.” says Hyundai Italia.
The same letter was sent to Hyundai car owners in France, with both entities informing data protection authorities in the two countries.
It is unclear how many Hyundai customers this incident impacts, how long the network intrusion lasted, and what other countries might be affected.
BleepingComputer has contacted Hyundai to learn more about the security incident, and we will update this post as soon as we hear back.
Hyundai has suffered from a range of cybersecurity issues recently.
In February 2023, the company rolled out emergency software updates on several car models impacted by a simple USB cable hack that enabled thieves to steal them.
In December 2022, bugs in the Hyundai app allowed remote attackers to unlock and start various impacted models or expose car owner information.