CyberHappenings logo
Home Browse About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Renault and Dacia UK Customers Affected by Third-Party Data Breach

First reported
Last updated
2 unique sources, 2 articles

Summary

Hide ▲

Renault and Dacia UK customers have been notified of a data breach affecting personal information shared with a third-party provider. The breach exposed full names, gender, phone numbers, email addresses, postal addresses, vehicle identification numbers, and vehicle registration numbers. The third-party provider has isolated the incident and removed the threat from its networks. The affected customers are advised to be vigilant against potential phishing and social engineering attacks. The number of impacted customers and the identity of the third-party provider have not been disclosed. The breach follows a significant cyberattack at Jaguar Land Rover in the UK, which disrupted operations for nearly a month, and is part of a string of breaches in the transport sector, impacting JLR, Collins Aerospace, and LNER.

Timeline

  1. 03.10.2025 18:52 2 articles · 9d ago

    Renault and Dacia UK Customers Notified of Third-Party Data Breach

    The third-party provider was targeted in the incident, as reported by security researcher Troy Hunt on X (formerly Twitter). The attack is part of a string of breaches in the transport sector, impacting JLR, Collins Aerospace, and LNER. Renault emphasized that its own systems were not compromised in this incident. Dacia customers were also impacted by the breach.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Metropolitan Police Arrest Two Teens for Ransomware Attack on London Nursery Group

Two teenagers were arrested in connection with a ransomware attack on the Kido nursery group in London. The attackers, identifying as 'Radiant,' attempted to extort £600,000 in Bitcoin after stealing data from around 8,000 children and their families. The data was accessed via the nursery's Famly account, though the app provider confirmed no breach of its infrastructure. The attackers posted photos of some children on the dark web but later claimed to have deleted them. The Metropolitan Police, working with Action Fraud, arrested the suspects in Bishop’s Stortford, Hertfordshire. The investigation is ongoing, with the UK NCSC Director for National Resilience describing the incident as "deeply distressing."

Open in new tab

Discord User Data Compromised in Third-Party Breach

Hackers claim to have stolen data from 5.5 million unique Discord users after compromising a third-party customer service provider. The attack occurred on September 20, 2025, affecting users who interacted with Discord’s customer support and/or Trust and Safety teams. The breach appears to be financially motivated, with hackers demanding a ransom. The Scattered Lapsus$ Hunters (SLH) threat group claimed responsibility for the attack, stating they breached a Zendesk instance used by Discord for customer support. The compromised data includes real names, usernames, email addresses, contact details, IP addresses, messages, attachments, photos of government-issued identification documents, partial billing information, and purchase history. Discord took immediate action to isolate the support provider from its ticketing system and launched an investigation with the help of a forensics firm and law enforcement. The hackers also accessed corporate data, including training materials and internal presentations. Discord has notified law enforcement and relevant data protection authorities about the incident. No full credit card numbers, CVV codes, passwords, or authentication data were compromised. Additionally, no messages or activity on Discord outside of communication with customer support were obtained by the attackers.

Open in new tab

WestJet data breach impacts 1.2 million customers

WestJet, a major Canadian airline, has confirmed that a cyberattack on June 13, 2025, compromised the personal information of 1.2 million customers. The breach involved the theft of travel documents, including passports and ID documents. The attackers gained access to the network through a Citrix system after resetting an employee's password via social engineering. The breach was attributed to threat actors associated with Scattered Spider, although no official attribution has been made. The compromised data includes full names, dates of birth, mailing addresses, travel documents, requested accommodations, filed complaints, WestJet Rewards Member IDs, and details of WestJet RBC Mastercard information. No credit card or debit card numbers, expiry dates, CVV numbers, or user passwords were compromised. The airline is working with the FBI and has offered a free 2-year identity theft protection and monitoring service to affected customers. The breach was first identified on June 13, 2025, and the data breach notification was sent to the Office of the Maine Attorney General on September 29, 2025.

Open in new tab

Harrods Data Breach via Third-Party Provider

Harrods, a luxury British department store, disclosed a new data breach affecting 430,000 online customers. The breach involved the compromise of a third-party provider's system, leading to the exposure of names, contact details, and internal marketing tags and labels. The incident was isolated and contained, and no account passwords, payment details, or order histories were compromised. The breach is not connected to a previous incident in May, where unauthorized access attempts were detected. Four individuals were arrested in July for suspected involvement in cyberattacks against Harrods and other major British retailers. This breach is part of a series of recent cyberattacks targeting high-profile British businesses, including Jaguar Land Rover and Kido nursery chain.

Open in new tab

Volvo NA Employee Data Stolen in Miljödata Ransomware Attack

Volvo Group North America (Volvo NA) has suffered a data breach through a third-party HR software provider, Miljödata. The breach occurred in August 2025 when the DataCarry ransomware group compromised Miljödata's cloud infrastructure, affecting hundreds of customers and millions of individuals. Volvo NA's employee names and Social Security numbers (SSNs) were stolen and potentially published on the Dark Web. The incident highlights the broader impact of supply chain attacks on large organizations and their employees. The attack on Miljödata, which provides HR software to numerous Swedish municipalities and companies, resulted in the exposure of sensitive data for over 1.5 million individuals. The breach underscores the vulnerabilities in centralized, multi-tenant cloud infrastructure and the potential for significant reputational and operational damage.

Open in new tab