Hyundai Data Breach Exposes Customer Information

Hackers have gained access to personal data for Hyundai customers in both Italy and France. Troy Hunt, founder of HaveIBeenPwned, shared a copy of the communique that was sent out by the South Korean car manufacturer to Twitter earlier today:

The notice reveals that stolen data included email addresses, physical addresses, telephone numbers and vehicle chassis numbers. It also states that the breach did not disclose the financial data or identification numbers for affected customers. However, Hyundai also warns customers to be cautious of unsolicited emails and text messages appearing to originate from them, as they could be the hackers trying to extract further information.

"Although there is no evidence that the data concerned have been used for fraudulent purposes, out of extreme caution, we invite you to pay particular attention and to verify any contact attempt via e-mail, mail and/or text message that may appear to come from Hyundai Italia or by other entities of the Hyundai Group." says Hyundai Italia. It is reported that a similar letter was sent to Hyundai car owners in France, as both countries' branches share the same IT infrastructure.

IT experts were called in to investigate the breach, and have subsequently taken impacted systems offline until additional security measures can be implemented. At this stage, it is unclear how the attackers were able to get into the network, how many Hyundai customers are affected, and critically, whether or not Hyundai branches in other countries are also affected.

It is also worth mentioning that this is not the first cybersecurity incident that Hyundai has suffered. In February 2023, emergency software updates had to be rolled out for several car models after a USB cable hack enabled thieves to steal them. And in December 2022, software bugs in the Hyundai phone app allowed thieves to unlock and start a variety of car models.