Cyber Incident Victim: Speedy France
Date:
Apr 2024
Location:
France
Summary
A French automotive repair company experienced a cybersecurity incident compromising customer personal data, though specific data types were not disclosed. The organization disabled online appointment booking, requiring in-person garage visits, and initiated protective measures with internal experts and specialized partners. Investigations are ongoing, with notification provided to France's data protection authority. Affected customers were directed to contact a dedicated support email address for assistance. The incident occurred amid a surge in cyberattacks targeting French entities that same week, including other businesses and municipal services.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 0 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Speedy France, a French automotive repair and maintenance company, identified a cybersecurity incident on April 19, 2024, which compromised personal data of customers stored in its databases. The company notified affected clients through a formal communication, acknowledging the breach but did not disclose the specific date of the cyberattack or the exact categories of compromised personal data. In response, Speedy France mobilized internal expert teams and specialized external partners to implement protective measures and conduct forensic investigations. The attack disrupted the company’s online appointment booking system, forcing customers to schedule services exclusively through physical garage locations until further notice. Speedy France reported the incident to France’s data protection authority, the Commission nationale de l’informatique et des libertés (Cnil), in compliance with regulatory obligations. Affected customers experiencing difficulties were directed to contact customer support via email at [email protected]. The company’s public statements emphasized the compromise of “certain personal data” without elaborating on the scope or nature of the exposed information.
The cyberattack occurred against the backdrop of Speedy France’s operational scale, which includes nearly 600 service centers across France and international territories, generating €189 million in revenue in 2022. Owned by Japanese conglomerate Bridgestone since 2016, the company had previously undergone a management buyout in 2011 under President Jacques Le Foll. The incident coincided with a surge in cyberattacks targeting French entities that same week, including lingerie brand Le Slip Français, Cannes’ Simone-Veil hospital, and the municipality of Floirac. Speedy France’s decision to suspend online services reflected immediate containment efforts, though the company provided no timeline for restoring digital appointment functionalities. Investigations remained ongoing at the time of reporting, with no public attribution to threat actors or disclosure of potential operational disruptions beyond the booking system outage.