Autosur, the company specializing in the technical control of vehicles, was the victim of a cyber attack. Result: data of 10 million customers are on sale on the Dark Web, including very sensitive information on vehicles.
It’s a real hecatombe! The wave of hacks that strikes French organizations and companies seems to end, and there is no more than a week without there being a new victim. After La Poste, Intersport, the Banque Populaire, the Savings Fund and the MAIF, it is the Autosur turn to be the target of a cyber attack. The company specializing in automotive technical control has indeed sent An e-mail with the main ones concerned To prevent them that personal data with more than 10 million customers have been exhibited on a hacking forum.
Autosur explains that “Attack resulted in unauthorized access to part of the personal data associated with your account: name, first name, email and post addresses, telephone number, license plate number“. Fortunately, banking data is not affected since Autosur does not hold them. However, the cybersecurity site Zataz Affirms that encrypted passwords, vehicle standard numbers, the history of technical controls and commercial and internal data (processing dates, appointments, reminders) would also be concerned.
Autosur hacking: sensitive information on stolen vehicles
This attack – one more – is worrying, because the stolen data has been put up for sale and, once purchased, it can be associated with others in order to set up phishing campaigns – which consist in sending false messages to recover banking or personal data – formidable personalized, but also to develop identity theft. Not to mention that the registration plates and other information on vehicles (standard numbers, brands, models), if Zataz’s claims are true, could be used to organize vehicle flights or insurance fraud.
For its part, Autosur wants to be reassuring, saying that “All necessary measures were taken immediately to put an end to this incident and strengthen the protection of our information systems“. In accordance with the legislation, the company notified the National Commission for Data Protection (CNIL) and filed a complaint.
The company recalls that it never requests its customers by email, SMS or telephone to request personal or identifier codes, and recommends that everyone is prudent. She recommends that victims have to assess their situation with 17cyber, a free online assistance service. Finally, she set up an email address, [email protected], for customers who would have the slightest question.