UK Renault and Dacia customers 'being contacted' in alert

UK Renault customers have been warned that their personal data may have been stolen in the latest cyber attack on a major global business. Renault Group UK has confirmed via email to drivers that a third-party data processing firm they use was targeted by hackers.

The car giant admitted that "some customers' personal data has been taken from one of their systems". Reports suggest that owners and customers of Dacia vehicles, also produced by Renault, may be affected as well.

Renault emphasised that no financial information or passwords were compromised during the breach. However, the accessed data could include customer names, addresses, dates of birth, gender, phone numbers, vehicle identification numbers and vehicle registration details.

• You'll need a high IQ to spot four-leaf clover in less than 15 seconds
• 'I ordered £3 Temu Christmas decoration and couldn't believe what turned up'

The company did not reveal the number of customers impacted by the incident but assured that no direct Renault Group UK systems were breached.

Advice to customers

A spokesperson for Renault UK said: "We are in the process of contacting all affected customers, advising them of the cyber attack and reminding them to be cautious of any unsolicited requests for personal information.

"Concerned customers should consult https://www.renault.co.uk/data-privacy.html or contact our data protection officer at dataprivacy@renault.co.uk."

"We wish to apologise to all affected customers. Data privacy is of the upmost importance to us and we deeply regret that this has occurred."

It comes as rival Jaguar Land Rover (JLR) continues to grapple with the devastating aftermath of a major cyber attack, which forced Britain's biggest car manufacturer to shut down production. Earlier this week, JLR said it expects to resume some manufacturing within "the coming days", a month after the hack brought its factory operations to a standstill.

A string of other firms have also fallen victim to major cyber attacks in recent months, including brewing giant Asahi, high street stalwart Marks and Spencer and nursery chain Kido Schools.

Mike Beevor, chief technology officer at IT services provider Principle Networks, said: "One thing that seems consistent in the reporting and analysis of recent breaches is the involvement, whether directly or indirectly, of the supply chain and third-party connections and connectivity into the breached environments.

"Often, the access of these third parties is controlled and managed by the originating party, which is where the issues begin. Simply put, those third parties are NOT subject to your cybersecurity controls, security posture, identity management, and policies.

Taking back control of those inbound connections, applying the same zero trust principles that you apply to your own users and enforcing least privilege access with a strong identity strategy is the foundation on which you can begin to decrease these attacks, and if not the elimination of breaches, then at least you can minimise the blast radius and damage caused."