Skip to content
Data breachContained

Leak at Autosur

Autosur, a major French vehicle-inspection network, suffered a data breach exposing personal and vehicle records of millions of customers — names, emails, postal addresses, phone numbers, license plates and vehicle details — advertised for sale on a cybercrime forum.

Victim
Autosur

On 26 May 2025, Autosur — one of France's largest networks of vehicle technical-inspection (contrôle technique) centres — was confirmed to have suffered a major data breach affecting millions of its customers. The company stated it had identified unauthorized access to certain data on 16 March 2025, after a threat actor advertised a large Autosur customer database for sale on the BreachForums cybercrime forum.

The stolen dataset contained extensive personal information drawn from the company's inspection records. Reported figures for the number of affected customers vary widely across sources, from roughly 4 million to more than 10 million records advertised by the seller.

Exposed data categories included:

  • Full names (first and last)
  • Email addresses
  • Postal addresses
  • Phone numbers
  • Vehicle license-plate (registration) numbers
  • Vehicle details: make, model, identification/serial numbers and prior inspection results

Autosur stated that no banking or payment-card data was involved, as it does not store such information. The company warned customers to stay alert to identity theft, phishing and fraud attempts. It reported the incident to France's data-protection regulator (the CNIL) and filed a complaint with the police.

Sources

  1. autosur.frhttps://www.autosur.fr/information-fuite-de-donnees/
  2. usine-digitale.frhttps://www.usine-digitale.fr/article/autosur-victime-d-une-fuite-de-donnees-4-millions-de-clients-concernes.N2229728
  3. largus.frhttps://www.largus.fr/actualite-automobile/cyberattaque-chez-autosur-une-fuite-de-donnees-d-ampleur-touche-les-clients-du-controle-technique-30039603.html
  4. haveibeenpwned.comhttps://haveibeenpwned.com/Breach/AUTOSUR

Related incidents

Data breachContained

Leak at Mondial Relay

In December 2025, French parcel-delivery firm Mondial Relay disclosed a cyberattack in which attackers accessed customer and shipment data — names, emails, postal addresses, phone numbers and parcel-tracking details; a dark-web actor claimed roughly 25.7 million records.

Victim
Mondial Relay
Data breachContained

Leak at Chronopost

In December 2025, a 680 MB dataset on ~860,000 Chronopost customers — names, emails and parcel details scraped from the La Poste Pickup relay-point network — was published on BreachForums; the data covered shipments from spring 2025.

Victim
Chronopost
Records
860.0K
Data breachContained

Leak at Colis Privé

In November 2025, French parcel-delivery firm Colis Privé disclosed unauthorized access to part of its systems that exposed customer contact data — names, postal and email addresses and phone numbers. A threat actor advertised a dataset reportedly running to tens of millions of rows; no passwords or banking data were affected.

Victim
Colis Privé
Data breachContained

Leak at Digital Charging Solutions

In September 2025, EV-charging billing provider Digital Charging Solutions disclosed that a contracted third-party service provider had accessed customer records without authorization, exposing names and email addresses of an initial single-digit number of affected users.

Victim
Digital Charging Solutions