Cyber Incident Victim: Communauto
Date:
Nov 2022
Location:
Canada
Summary
A cyberattack disrupted the car-sharing service's Flex vehicles, temporarily preventing users from initiating or concluding trips, though the issue was resolved within the same evening. The incident compounded existing operational challenges, including severe vehicle shortages due to supply chain constraints affecting new car deliveries and administrative delays in securing dedicated parking spaces. These cumulative issues led to customer dissatisfaction, with some subscribers canceling their memberships due to unmet service demand. The company sought municipal regulatory changes to expedite parking approvals and explored alternative suppliers to address fleet shortages.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On November 21, 2022, Communauto's Flex car-sharing service experienced a cyberattack that disrupted operations for users across its network. The incident occurred on a Monday, preventing customers from initiating or concluding trips using the company's free-floating Flex vehicles. This service interruption directly impacted users' ability to access vehicles without station reservations, creating immediate transportation challenges. Communauto's vice president of strategic development, Marco Viviani, confirmed the technical issues stemmed from a cyberattack rather than routine maintenance or system errors. The company resolved the cybersecurity incident by the evening of the same day, restoring full functionality to the Flex service platform without disclosing specific technical details about the attack vector or mitigation measures.
The cyberattack compounded existing operational challenges for Communauto, including severe vehicle shortages caused by supply chain disruptions affecting automotive components. Prior to the incident, the company had already faced criticism from subscribers unable to reserve vehicles due to insufficient fleet availability, with only 30% of 800 vehicles ordered before July 2022 delivered for peak summer season. These systemic issues had prompted customer frustration and subscription cancellations, as users paid for services they couldn't reliably access. While the cyberattack's duration was limited to a single day, it occurred during a period of heightened operational stress as Communauto implemented stricter holiday cancellation policies in anticipation of year-end demand surges. The company's public response focused on acknowledging the attack's resolution without detailing investigation outcomes, security enhancements, or potential data compromise.