Hyundai has suffered a data breach that impacted Italian and French car owners and customers who booked a test drive.
Threat actors had access to the email addresses, physical addresses, telephone numbers, and vehicle chassis numbers of the impacted individuals.
The data breach letter sent to the impacted individuals informs them that an unauthorized third party had access to the database of customers. Hyundai Italy has notified the privacy watchdog and hired external cybersecurity experts to determine the scope of the incident.
According to the letter, financial data were not exposed. The number of impacted individuals is still unclear.
In response to the incident, the company has taken the impacted systems offline.
“On behalf of Hyundai Motor Company Italy, I regret to inform you that our company has recently learned that an unauthorized third party has accessed certain information contained in our customer database.” reads the data breach notification letter sent to the impacted individuals. “Although there is no evidence that the data concerned have been used for fraudulent purposes, out of extreme caution, we invite you to pay particular attention and to verify any contact attempt via e-mail, mail and/or text message that may appear to come from Hyundai Italia or by other entities of the Hyundai Group. In particular, we recommend that you avoid pressing any link that may be contained in the contact attempt you may receive.”
The company also warns impacted individuals to be cautious with unsolicited contact attempts via e-mail, mail and/or text message.
The incident is the last problem in order of time suffered by the South Korean carmaker, in February Hyundai and Kia carmakers released an emergency software update to fix a flaw that can allow stealing a car with a USB cable.
In December 2019, German media reported that hackers suspected to be members of the Vietnam-linked APT Ocean Lotus (APT32) group breached the networks of the car manufacturers BMW and Hyundai. The intrusion aimed at stealing automotive trade secrets.
In April 2017, security vulnerabilities in the Hyundai Blue Link mobile apps could have allowed hackers to locate, unlock and start vehicles of the carmaker.
Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections:
Please nominate Security Affairs as your favorite blog.
Nominate here: https://docs.google.com/forms/d/e/1FAIpQLSfaFMkrMlrLhOBsRPKdv56Y4HgC88Bcji4V7OCxCm_OmyPoLw/viewform
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Hyundai)