Jump to content
Login new information ×
Login new information
Donations campaign phase one 2024

French Car Renting Service ‘UCAR’ Victimized by Ransomware Actors

mood

By mood
in Security & Privacy News

Recommended Posts

mood

mood

Posted
Posted

French Car Renting Service ‘UCAR’ Victimized by Ransomware Actors

 

  • UCAR announced a successful cyberattack that had no impact on its operations whatsoever.
  • From what can be deduced, the firm was hit by ransomware actors, so this may have a follow-up soon.
  • If the hackers managed to exfiltrate client data, that would include very sensitive information.

 

ransomware-696x392.jpg

 

‘UCAR,’ the French car rental platform that operates a network of over 150 agencies in mainland France and overseas territories, has announced the news about a cyber-attack that took place at the start of the year. The company stated that the investigation aimed to analyze the nature and impact of the attack is still underway, with the help of a forensic expert firm whom they contracted.

 

In the meantime, the services remain up and available for all clients, as the company has restored from a backup, which is the element that clearly indicates a ransomware attack.

 

Customers didn’t experience any service interruption, so the restoration was prompt. However, the hackers may have exfiltrated data, which is typical for this type of attack. If that’s the case, we will most probably learn more about it in ten days or so, when the first data samples will leak on the dark web, and the extortion process will intensify.

 

That is, if UCAR doesn’t pay the actors the ransom they’re demanding. Since this has gone public from UCAR themselves, our guess is that they’re not planning to negotiate a payment with the ransomware actors.

 

The main issue here is the stolen data, which could involve several sensitive details. To rent a car, one typically has to produce a national ID or passport, a driving license, and debit or credit card details to cover the rental’s security deposit and cost.

 

In some cases, customers are required to also provide proof of return travel and accommodation information. If UCAR was storing this data in the compromised systems, and if that data wasn’t encrypted, we may soon see a very severe data leak affecting tens of thousands of individuals.

 

An incident of this extent could also incur large fines by the French data protection office, in accordance with the GDPR. Car rental services like UCAR aren’t going through the best of times right now as the pandemic has crippled their business and greatly decreased reservations. UCAR covers professionals with utility rentals too, but movement restrictions have negatively affected that part of the business.

 

 

Source: French Car Renting Service ‘UCAR’ Victimized by Ransomware Actors

Link to comment
Share on other sites
  • Views 329
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...