Pierluigi Paganini April 12, 2023

Hyundai disclosed a data breach that impacted Italian and French car owners and clients who booked a test drive.

Hyundai has suffered a data breach that impacted Italian and French car owners and customers who booked a test drive.

Threat actors had access to the email addresses, physical addresses, telephone numbers, and vehicle chassis numbers of the impacted individuals.

The data breach letter sent to the impacted individuals informs them that an unauthorized third party had access to the database of customers. Hyundai Italy has notified the privacy watchdog and hired external cybersecurity experts to determine the scope of the incident.

According to the letter, financial data were not exposed. The number of impacted individuals is still unclear.

In response to the incident, the company has taken the impacted systems offline.

“On behalf of Hyundai Motor Company Italy, I regret to inform you that our company has recently learned that an unauthorized third party has accessed certain information contained in our customer database.” reads the data breach notification letter sent to the impacted individuals. “Although there is no evidence that the data concerned have been used for fraudulent purposes, out of extreme caution, we invite you to pay particular attention and to verify any contact attempt via e-mail, mail and/or text message that may appear to come from Hyundai Italia or by other entities of the Hyundai Group. In particular, we recommend that you avoid pressing any link that may be contained in the contact attempt you may receive.”

The company also warns impacted individuals to be cautious with unsolicited contact attempts via e-mail, mail and/or text message.

The incident is the last problem in order of time suffered by the South Korean carmaker, in February Hyundai and Kia carmakers released an emergency software update to fix a flaw that can allow stealing a car with a USB cable.

In December 2019, German media reported that hackers suspected to be members of the Vietnam-linked APT Ocean Lotus (APT32) group breached the networks of the car manufacturers BMW and Hyundai. The intrusion aimed at stealing automotive trade secrets.

In April 2017, security vulnerabilities in the Hyundai Blue Link mobile apps could have allowed hackers to locate, unlock and start vehicles of the carmaker.

Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections:

• The Teacher – Most Educational Blog
• The Entertainer – Most Entertaining Blog
• The Tech Whizz – Best Technical Blog
• Best Social Media Account to Follow (@securityaffairs)

Please nominate Security Affairs as your favorite blog.

Nominate here: https://docs.google.com/forms/d/e/1FAIpQLSfaFMkrMlrLhOBsRPKdv56Y4HgC88Bcji4V7OCxCm_OmyPoLw/viewform

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Hyundai)