
Cyber Incident Victim: Autosur

Date: Nov 2025

Location: France

Summary

Autosur experienced a cyberattack that led to unauthorized access to a portion of its customer database, exposing names, first names, email and postal addresses, phone numbers and license plate numbers. The company confirmed it does not store banking information, so those data were not compromised. Following the breach, the company notified the CNIL, filed a police complaint and said an investigation is underway. According to reports, the leaked data may involve up to twelve million customers and include encrypted passwords, vehicle serial numbers and internal records, amounting to roughly three gigabytes and already appearing for sale on dark web forums.


Description

Autosur identified a security incident involving unauthorized access to certain data. It determined that the breach exposed personal information associated with customer accounts, including names, first names, email addresses, postal addresses, phone numbers, and license plate numbers. The company stated that it does not hold banking data, so those details were not exposed. Upon discovery, Autosur took immediate measures to halt the incident and to strengthen the protection of its information systems. It subsequently fulfilled its legal obligations by notifying the CNIL and filing a complaint with police authorities. The incident and its origin are presently under investigation by the police services. Autosur began notifying affected individuals by email, although it had not issued any broader public statement at the time of the initial reports.


The company did not respond to follow-up requests for comment from journalists seeking further details. The CNIL confirmed that Autosur had submitted a valid data breach notification, which indicates that the event met the regulatory threshold for reporting. According to information shared by Zataz, the compromised data set includes names, postal addresses, phone numbers, email addresses, encrypted passwords, vehicle serial numbers, license plate numbers, and possibly internal company data. The stolen data were already being offered for sale on dark-net markets, with the hackers claiming an archive size of approximately three gigabytes. Autosur operates more than nine hundred vehicle inspection centres across France and maintains partnerships with several insurers, namely Macif, Groupama, and Axa. The Autosur breach occurred a few months after the Free Mobile incident that affected roughly twenty million subscribers, marking another notable data-security event in the French telecommunications and services sector.
