Norauto, a French company specializing in automobile maintenance and the sale of vehicle accessories, has just suffer a cyber attack. As researcher Clément Domingo reports on X, the brand is currently warning its customers of a “act of cyber-maliciousness”.
In the email sent to its customers, the firm, which is part of the Mobivia group, indicates that the investigations carried out by its teams show that “personal data specifically linked to our rental service have been targeted”. If you have rented equipment from Norauto, you are potentially affected. The stolen personal data includes the names, first names, postal addresses, email addresses, and telephone numbers of the affected people.
Also read: the data of the Guy Demarle brand was stolen
Hacked ID cards
Worse, cybercriminals have also got their hands on the “ID number” provided by customers wishing to rent equipment. This is particularly sensitive personal information. Armed with your ID card identifier, hackers can pose as you to a bank, a loan company or an operator. Combined with other data, the identity card makes it possible to carry out identity theftthe consequences of which can be dramatic for the victim.
On the other hand, and without much surprise, “the password for your customer account and your banking details” have not been compromised. Norauto claims the attack is based on a security breach. Quickly identified, it was corrected as quickly as possible by the company's teams.
The firm complied with the law in force in France by alerting the National Commission for Information Technology and Liberties (CNIL) to warn it of a “exfiltration of data, constituting a breach of confidentiality”.
Data for sale?
A few days before Norauto's announcement, a hacker put company data up for sale on BreachForums, a black market very popular with cybercriminals. In the publication, consulted by 01Net, the hacker claims to have had access “to an administration panel to manage the payment”. He was thus able to exfiltrate 78,000 lines of data.
Access is sold for 200 euros, compared to 50 euros for the directory. The cybercriminal only posted a tiny sample of the stolen data online. At this time, it is not possible to verify the authenticity of the information. Likewise, we cannot verify whether this is indeed data recently stolen from the company. In any case, Norauto is added to the very long list of French companies hacked in 2024, which notably includes Free, SFR, Picard, Truffaut, Boulanger, and even Le Point.
???? To not miss any news from 01net, follow us on Google News and WhatsApp.
Related News :