Jump to content

French Car Renting Service ‘UCAR’ Victimized by Ransomware Actors


Recommended Posts

French Car Renting Service ‘UCAR’ Victimized by Ransomware Actors


  • UCAR announced a successful cyberattack that had no impact on its operations whatsoever.
  • From what can be deduced, the firm was hit by ransomware actors, so this may have a follow-up soon.
  • If the hackers managed to exfiltrate client data, that would include very sensitive information.




‘UCAR,’ the French car rental platform that operates a network of over 150 agencies in mainland France and overseas territories, has announced the news about a cyber-attack that took place at the start of the year. The company stated that the investigation aimed to analyze the nature and impact of the attack is still underway, with the help of a forensic expert firm whom they contracted.


In the meantime, the services remain up and available for all clients, as the company has restored from a backup, which is the element that clearly indicates a ransomware attack.


Customers didn’t experience any service interruption, so the restoration was prompt. However, the hackers may have exfiltrated data, which is typical for this type of attack. If that’s the case, we will most probably learn more about it in ten days or so, when the first data samples will leak on the dark web, and the extortion process will intensify.


That is, if UCAR doesn’t pay the actors the ransom they’re demanding. Since this has gone public from UCAR themselves, our guess is that they’re not planning to negotiate a payment with the ransomware actors.


The main issue here is the stolen data, which could involve several sensitive details. To rent a car, one typically has to produce a national ID or passport, a driving license, and debit or credit card details to cover the rental’s security deposit and cost.


In some cases, customers are required to also provide proof of return travel and accommodation information. If UCAR was storing this data in the compromised systems, and if that data wasn’t encrypted, we may soon see a very severe data leak affecting tens of thousands of individuals.


An incident of this extent could also incur large fines by the French data protection office, in accordance with the GDPR. Car rental services like UCAR aren’t going through the best of times right now as the pandemic has crippled their business and greatly decreased reservations. UCAR covers professionals with utility rentals too, but movement restrictions have negatively affected that part of the business.



Source: French Car Renting Service ‘UCAR’ Victimized by Ransomware Actors

Link to comment
Share on other sites

  • Replies 0
  • Views 215
  • Created
  • Last Reply

Top Posters In This Topic

  • mood


Popular Days

Top Posters In This Topic

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...