Renault and its Dacia brand told customers in the United Kingdom that sensitive personal information they provided to the carmaker was exposed following a cyberattack at an unnamed third‑party provider, the company said. The companies said customers were notified of the incident and posted notices online (1, 2).
In a notice to customers the company said, “We are very sorry to inform you about a cyber‑attack on one of our third‑party providers, leading to some Renault UK customers’ personal data being taken from one of their systems.” An image of the notice shared online was credited to Troy Hunt. Renault said the exposed data types include full name, gender, phone number, email address, postal address, vehicle identification number and vehicle registration number.
Renault said banking or financial information was not exposed in this incident. The company added that the targeted third‑party has isolated the incident and removed the threat from its networks, and that U.K. authorities including the Information Commissioner’s Office have been informed.
The notice warned that the types of data exposed could be used to target individuals with phishing, scams and other social‑engineering attacks, and advised recipients to remain vigilant against unsolicited calls and emails and never to share passwords.
The incident follows a recent cyberattack at Jaguar Land Rover in the U.K. that severely disrupted production and led the company to take a UK government‑guaranteed £1.5 billion loan.