CityBee
February 17, 2021
•[ leak, automotive ]
Police in Lithuania are investigating after the personal data of 110,000 customer of the CityBee car sharing service is leaked.
CityBee
February 5, 2021
•[ leak, misconfiguration, automotive ]
In February 2021, the Lithuanian car-sharing service CityBee announced they'd suffered a data breach that exposed 110k customers' personal information. The breach exposed names, email addresses, government issued IDs and passwords stored as unsalted SHA-1 hashes.
Ucar
January 20, 2021
•[ ransomware, malware, automotive ]
The vehicle rental company Ucar revealed that it was the victim of a ransomware attack earlier this year.
Communauto
January 9, 2021
•[ ransomware, malware, automotive ]
Montreal car-sharing service Communauto was the target of a cyber attack resulting in a number of locked servers and encrypted data.
DriveSure
January 4, 2021
•[ hack, automotive ]
Personal data of 3 Million+ customers exposed in a hack of DriveSure, a car dealership service provider.
DriveSure
December 19, 2020
•[ hack, automotive ]
In December 2020, the car dealership service provider DriveSure suffered a data breach. The incident resulted in 26GB of data being downloaded and later shared on a hacking forum. Impacted personal information included 3.6 million unique email addresses, names, phone numbers and physical addresses. Vehicle data was also exposed and included makes, models, VIN numbers and odometer readings. A small number of passwords stored as bcrypt hashes were also included in the data set.
Inchcape Australia
December 14, 2020
•[ ransomware, malware, automotive ]
Automotive services provider Inchcape Australia appears to have been hit by the Ransomexx ransomware, with the cyber criminals leaking some data that they stole, on the dark web.
Inchcape
December 14, 2020
•[ ransomware, leak, malware ]
Automotive services provider Inchcape Australia appears to have been compromised by the Windows Ransomexx ransomware, with the cyber criminals who hit the company leaking some data that they stole, on the dark web.
Unidas (LCAM3)
November 23, 2020
•[ hack, automotive ]
Brazilian car rental compnany Unidas has suffered a data breach.
Airlink International UAE
May 30, 2020
•[ leak, automotive ]
Cybersecurity researchers from Cyble have found a threat actor sharing leaked data of Airlink International UAE for free on two platforms on the dark web.
Arrigo Automotive Group
December 11, 2019
•[ ransomware, malware, automotive ]
Arrigo Automotive Group is hit by a ransomware attack costing up to $250,000.
Audi
August 14, 2019
•[ leak, misconfiguration, automotive ]
In August 2019, Audi USA suffered a data breach after a vendor left data unsecured and exposed on the internet. The data contained 2.7M unique email addresses along with names, phone numbers, physical addresses and vehicle information including VIN. In a disclosure statement from Audi, they also advised some customers had driver's licenses, dates of birth, social security numbers and other personal information exposed.
Kwik Fit
January 30, 2019
•[ hack, malware, automotive ]
Kwik Fit confirms that its computer network has been infected with malware, disrupting its ability to book in vehicle repairs and handle other customer requests.
Royal Enfield
January 1, 2019
•[ leak, misconfiguration, automotive ]
In January 2020, motorcycle maker Royal Enfield left a database publicly exposed that resulted in the inadvertent publication of over 400k customers. The impacted data included email and physical addresses, names, motorcycle information, social media profiles, passwords, and other personal information. The data was provided to HIBP by a source who requested it be attributed to "white_peacock@riseup.net".
Autocentrum.pl
February 4, 2018
•[ leak, misconfiguration, automotive ]
In February 2018, data belonging to the Polish motoring website autocentrum.pl was found online. The data contained 144k email addresses and plain text passwords.
GoGet
January 31, 2018
•[ hack, automotive ]
Car-sharing company GoGet discloses a major data breach seven months after it was first detected in June 2017 as the alleged hacker is arrested by Australian police this week. In an email sent to customers, the firm says its IT team identified "unauthorised activity" on its system on 27 June last year and immediately launched a full internal investigation.
Exposed VINs
June 5, 2017
•[ leak, misconfiguration, automotive ]
In June 2017, an unsecured database with more than 10 million VINs (vehicle identification numbers) was discovered by researchers. Believed to be sourced from US car dealerships, the data included a raft of personal information and vehicle data along with 397k unique email addresses.
museomodena
January 24, 2016
•[ hack, automotive ]
The hack is not particularly impacting (664 usernames) but it affects an official subdomain of Ferrari.
Vehicle Donation Processing Center
July 6, 2015
•[ hack, automotive ]
Charitable car donors using the Vehicle Donation Processing Center learn their personal information was hacked.
copart
May 28, 2015
•[ hack, automotive ]
Copart.com automobile auction website, notifies its users that its computer systems were breached by an unknown attacker, who gained access to sensitive information belonging to its members.
