Adding to a long blacklist, Norauto has just been the victim of a hack; with a theft of personal data of the company’s customers. Among them, the numbers of their identity cards. Highly sensitive information…
The wave of piracy continues to sweep over French companies, and brands are not spared! After Boulanger, Truffaut, Picard, Cultura, Auchan, Molotov, Le Point, Mediboard, La Banque de France, but also the telephone operators Free and SFR, it is Norauto’s turn to bear the brunt of a cyberattack! As cybersecurity researcher Clément Domingo reports on “act of cyber-maliciousness”. She indicates that “personal data specifically linked to our rental service have been targeted”, namely the names, first names, postal addresses, email addresses and telephone numbers of customers, as well as… the numbers of their identity document!
Norauto hacking: a high risk of identity theft
The automotive brand identified and corrected the security flaw that allowed hackers to infiltrate the systems. A report to the CNIL was made, as is customary. The number of people affected by the leak is still unknown. But if Norauto wants to be reassuring by indicating that passwords and banking information have been spared, the situation is particularly worrying because of the theft of identity document numbers. Indeed, this information can allow cybercriminals to usurp the identity of victims from banks, lending organizations or operators. Combined with other information, the consequences can be even more dramatic.
To make matters worse, a hacker put company data up for sale a few days before the hack was announced on BreachForums, a black market popular with cybercriminals. He claims to have had access “to an administration panel to manage the payment”which allowed him to exfiltrate no less than 78,000 lines of data. It offers the acquisition of access for 200 euros, while the directory is only 50 euros. However, it is impossible to verify their authenticity.
This umpteenth hack is part of the wave of computer intrusions which have hit many French companies in recent months – a summary is available here. At the beginning of November again, Free was the victim of a new intrusion, which resulted in the theft of the personal data of millions of subscribers, including IBANs… Particularly sensitive information! This new leak only adds to the already well-stocked databases on the Dark Web.