Renault UK customers are being warned their personal data may be in criminal hands after one of its supplier was hacked.

In an email sent to affected individuals this week, seen by The Register, the French carmaker said attackers accessed the supplier’s systems and made off with customer details including names, gender, phone numbers, email and postal addresses, and vehicle registration and identification numbers.

“Your data was included, which means the attackers have access to some or all of the following information,” states the letter. Renault stressed that no bank details were involved, since the supplier in question did not hold financial records.

Renault UK boss Adam Wood tried to calm nerves, stressing that the crooks hadn’t touched the company’s own kit. The stolen data, he said, came from a third-party supplier, not Renault’s systems. “None of our own systems have been compromised,” Wood insisted.

According to posts on online forums, customers of Renault’s sister brand Dacia have also received similar warnings.

Renault did not confirm how many customers are affected and has not answered questions from The Register about the scale of the digital break-in or the identity of the breached supplier. The company’s message states the incident has been “contained and removed” and the vendor is taking “all appropriate actions.” 

The breach has been reported to regulators, according to Renault.

An ICO spokesperson told us: “Renault UK has reported an incident and we are making enquiries.”

Naturally, customers are being advised to watch out for unsolicited messages requesting personal information. “You should never share your passwords online or on the phone – Renault UK will never ask you for this information,” the letter warns.

The breach comes against a backdrop of mounting attacks on the automotive sector, with carmakers proving a rich target thanks to the mountains of personal data gathered during sales, servicing and financing. 

JLR stuck in neutral as losses skyrocket amid cyberattack cleanup

READ MORE

Jaguar Land Rover learned that lesson the hard way last month, when attackers breached its systems to pilfer troves of data. The fallout was severe enough that the company has been forced to halt production lines at multiple sites as it scrambles to contain the incident. The disruption this week prompted the UK government to step in with a loan package, underlining just how critical the manufacturer is to the wider economy.

Stellantis, meanwhile, admitted weeks ago that one of its suppliers had suffered a cyber intrusion, exposing the details of its North American customers. 

Renault’s letter to customers wraps up with the usual apology.

“Data privacy is of the utmost importance to us. We deeply regret that this has occurred and wish to apologise again,” it states, pointing customers with questions to Renault’s privacy policy page or its Data Protection Officer.

For now, Renault drivers can only hope the stolen files don’t end up in the usual dark web dumps or phishing campaigns. Without clarity on how many customers are affected or who was breached, the incident adds another reminder that even if your bank details are safe, the rest of your personal data is often just one supplier compromise away from exposure. ®