Skip to content
Data breachContained

Groupe CGA: 65,000 customers and 2,500 employees included in a data leak

On 4 May 2026, the threat actor DumpsecV2 claimed a breach of French automotive dealership group Groupe GCA, exposing data on roughly 65,000 customers and 2,500 employees, including names, contact details and vehicle information such as registration numbers and VINs.

Victim
Groupe CGA
records
65.0K

On 4 May 2026, Groupe GCA β€” a French automotive dealership group based in Cholet that operates around 130 sales and bodywork sites across the Pays de la Loire region and Belgium β€” was named in a data leak claimed by the threat actor DumpsecV2 (also reported as "DumpSec"), who posted a structured database on a cybercrime forum.

According to the company, the intrusion targeted its online maintenance-contract registration platform around 30 April 2026 and was discovered the following week when the data surfaced on the darknet. Internal networks were reportedly not affected, and the dealerships continued normal operations.

The leak is reported to involve roughly 65,000 customers and 2,500 employees. Exposed data categories included:

  • Customer names, postal addresses and phone numbers
  • Vehicle details such as registration numbers, VINs and mileage
  • Maintenance-contract and commercial information
  • Employee names, phone numbers and internal organisational details

Groupe GCA stated that banking information, identity-document copies and email addresses were not compromised. The group notified affected customers by email (around 50,000) and post, filed a complaint with cybercrime authorities, and reinforced its security controls. As the breach was scoped to the maintenance platform and contained, no broader system compromise has been confirmed.

Sources

  1. cyberattaque.orghttps://www.cyberattaque.org/groupe-cga-65-000-clients-et-2-500-employes-presents-dans-une-fuite-de-donnees/
  2. ici.frhttps://www.ici.fr/pays-de-la-loire/pays-de-la-loire-plus-de-60-000-clients-touches-par-une-fuite-de-donnees-le-groupe-gca-rassure-8375140

Related incidents

Data breachOngoing

1,528 contacts at Nature & Cie, claimed leak

In late May 2026, a B2B commercial database attributed to French organic-food distributor Nature & Cie surfaced on a cybercriminal forum, exposing roughly 5,635 stores, over 1,500 professional contacts and around 1,500 sales-visit reports covering Biocoop, Naturalia and La Vie Claire partners.

Victim
Nature & Cie
Records
1.5K