Cyber Incident Victim: Norauto

Date: Dec 2024

Location: France

Summary

A French automotive maintenance company experienced a cybersecurity breach impacting its car rental service, exposing customers' personal data including names, addresses, email addresses, phone numbers, and identity document identification numbers. The incident stemmed from a security flaw that was promptly remediated, with no compromise of customer account passwords or financial data. Authorities were notified, and legal action initiated. A cybercriminal later claimed responsibility for exfiltrating 78,000 data records, though the legitimacy remained unverified. The stolen information poses risks of identity theft, enabling malicious actors to impersonate affected individuals for fraudulent activities or reputational harm.

Description

On December 2, 2024, French automotive maintenance and repair company Norauto notified customers via email that it had suffered a cyberattack targeting personal data managed by its car rental service. The company described the incident as an "act of cybermalveillance" that resulted in the theft of sensitive customer information, including full names, postal addresses, email addresses, and telephone numbers. Most critically, the attackers exfiltrated identity document numbers provided by customers during rental transactions. Norauto clarified that customer account passwords and banking details remained uncompromised. The breach stemmed from a security vulnerability that the company claimed was "immediately corrected" by its technical teams upon discovery. Norauto reported the incident to France's data protection authority (CNIL) and initiated legal proceedings by filing a police complaint.

One week before the official notification, a cybercriminal had used BreachForums, a hacking forum, to publicly claim responsibility for the attack. The threat actor advertised the sale of 78,000 lines of stolen Norauto data for 50 euros, though only a limited sample was published publicly. The compromised identity document numbers create significant risks for identity theft, enabling malicious actors to impersonate affected customers to target financial institutions or damage reputations. This incident occurred amid a series of data breaches affecting major French companies, including AXA Direct Assurance (exposing 5,800 IBANs via a supplier breach), Auchan (unauthorized access to loyalty program data), and Schneider Electric (compromised development platform). Norauto's breach shares similarities with an April 2024 cyberattack targeting Speedy, another major player in France's automotive repair sector. The company has not disclosed the exact number of affected individuals beyond the attacker's claim of 78,000 records.
