Hyundai

Hyundai has disclosed a data breach impacting Italian and French car owners and those who booked a test drive, warning that hackers gained access to personal data.

Hyundai is a multinational automotive manufacturer selling over half a million vehicles per year in Europe, with a market share of roughly 3% in France and Italy.

According to multiple reports on Twitter and a sample of the notice shared by “HaveIBeenPwned” creator Troy Hunt, the incident has exposed the following types of data:

  • E-mail addresses
  • Physical addresses
  • Telephone numbers
  • Vehicle chassis numbers

The letter also clarifies that the hacker who accessed Hyundai’s database did not steal financial data or identification numbers.

Hunt tweet

Hyundai says they engaged IT experts in response to the incident, who have taken the impacted systems offline until additional security measures are implemented.

In the same communication, the South Korean car brand warns its customers to be cautious with unsolicited e-mails and SMS texts claiming to originate from them, as they could be phishing and social engineering attempts.

“Although there is no evidence that the data concerned have been used for fraudulent purposes, out of extreme caution, we invite you to pay particular attention and to verify any contact attempt via e-mail, mail and/or text message that may appear to come from Hyundai Italia or by other entities of the Hyundai Group.” says Hyundai Italia.

The same letter was sent to Hyundai car owners in France, with both entities informing data protection authorities in the two countries.

It is unclear how many Hyundai customers this incident impacts, how long the network intrusion lasted, and what other countries might be affected.

BleepingComputer has contacted Hyundai to learn more about the security incident, and we will update this post as soon as we hear back.

Hyundai has suffered from a range of cybersecurity issues recently. 

In February 2023, the company rolled out emergency software updates on several car models impacted by a simple USB cable hack that enabled thieves to steal them.

In December 2022, bugs in the Hyundai app allowed remote attackers to unlock and start various impacted models or expose car owner information. 

Related Articles:

Singing River Health System: Data of 895,000 stolen in ransomware attack

Europol confirms web portal breach, says no operational data stolen

Helsinki suffers data breach after hackers exploit unpatched flaw

The Post Millennial hack leaked data impacting 26 million people

Largest non-bank lender in Australia warns of a data breach