Cyber Incident Victim: RDC
Date:
Mar 2021
Location:
Netherlands
Summary
A Dutch automotive services provider suffered a data breach exposing personal and vehicle details of millions of car owners, including names, addresses, contact information, birth dates, and vehicle registration data. The compromised records, totaling 7.3 million entries with 2.3 million containing email addresses, were offered for sale on a cybercrime forum for $35,000. Security experts warned the stolen information posed significant risks beyond phishing campaigns, particularly enabling targeted vehicle theft by criminal groups. The affected organization confirmed unauthorized access to approximately 60% of its customer database, initiated an investigation with cybersecurity specialists, and reported the incident to authorities upon discovering the unauthorized data disclosure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 25, 2021, Dutch garage and maintenance services provider RDC confirmed a data breach after personal and vehicle details of 7.3 million Dutch car owners were listed for sale on a cybercrime forum. The threat actor advertised the database for $35,000, claiming it contained 7.3 million entries with 2.3 million including email addresses. Dutch television station NOS verified the data's authenticity through local sources and interactions with the seller. The compromised information included names, home addresses, email addresses, telephone numbers, dates of birth, vehicle registration numbers, car makes and models, and license plates. Security experts reviewing the samples warned that the dataset posed significant risks beyond typical spam or phishing operations, emphasizing its potential utility for carjacking gangs seeking to target high-value vehicles across the Netherlands based on owner locations and vehicle specifics.
RDC stated it became aware of the breach only after the data appeared online and had no prior knowledge of the intrusion. The company's preliminary investigation indicated attackers accessed approximately 60% of its customer records. RDC promptly notified Dutch authorities and engaged cybersecurity firm Fox-IT to conduct a full investigation into the incident. The breach exposed sensitive information enabling both digital threats like targeted phishing campaigns and physical risks such as coordinated vehicle thefts. No additional details regarding the intrusion methods, timeline of unauthorized access, or identity of the threat actor were disclosed in the company's initial statement. The incident highlighted vulnerabilities in safeguarding large-scale automotive ownership databases containing geolocational and asset-specific information.