Cyber Incident Victim: Communauto

Communauto, a Montreal-based car-sharing service established in 1994, experienced a cyberattack during the 2020-2021 holiday season, with public disclosure occurring on January 9, 2021. Attackers compromised multiple company servers, locking access to systems and encrypting data through unauthorized means. The intrusion resulted in partial data exfiltration, though critical financial information remained secure. Specifically, the attackers failed to access user passwords or credit card numbers stored by Communauto. However, they successfully extracted personally identifiable information including customer names, physical street addresses, and email addresses. The breach timeline suggests sustained attacker activity during a period of reduced organizational staffing typical of holiday operations.

The incident represented a significant operational security failure for Communauto, though the full technical scope of compromised infrastructure remained unspecified in initial disclosures. Company representatives confirmed the attackers employed encryption-based attacks that disrupted server functionality, indicating potential ransomware involvement despite no explicit ransom demand being mentioned. While payment systems and core authentication credentials remained uncompromised, the theft of contact information and residential addresses exposed users to heightened phishing and physical security risks. Communauto provided no detailed public timeline for system restoration or specific containment measures beyond acknowledging the breach's occurrence and limited data impact. No customer-facing service interruptions were explicitly documented in the immediate aftermath reporting.