Skip to content
Data breachContained

3,600 Gustave-Auto customers affected by a claimed data leak

Gustave-Auto, a French automotive services platform (vehicle convoyage, fleet management and repairs), disclosed in February 2026 that an access anomaly exposed partner data — names, postal and email addresses, phone numbers, IBAN/BIC banking details and SIRET/VAT numbers — with a tracker claim citing around 3,600 records.

Victim
Gustave-Auto
records
3.6K

On 13 February 2026, Gustave-Auto — a French automotive services platform offering vehicle convoyage (transport), geolocated fleet management and repair services — was reported as the victim of a claimed data leak affecting its registered partners. A breach tracker entry put the exposure at around 3,600 data records.

The company subsequently confirmed the incident publicly. It said it was alerted on 17 February 2026 by a cybersecurity monitoring service that data attributed to Gustave-Auto was circulating online. An internal investigation traced the leak to an access anomaly in its infrastructure, which the company says it corrected within an hour of detection. The cause was an access-control failure rather than a ransomware or extortion event.

The data potentially exposed concerned partners registered on the platform and included:

  • Names
  • Postal addresses
  • Email addresses
  • Phone numbers
  • Banking details (IBAN, BIC)
  • SIRET company-registration numbers
  • VAT numbers

In response, Gustave-Auto ran a full audit of the data-access rules across its infrastructure, restricted platform access to France as a precaution, notified the French data-protection authority (CNIL), and individually emailed all potentially affected partners. A dedicated contact (dpo@gustave-auto.com) was set up for inquiries. The exact number of affected partners was not confirmed by the company; the 3,600 figure originates from the tracker's claim.

Sources

  1. fuitesinfos.frhttps://fuitesinfos.fr/article/2026-02-13-gustave-auto
  2. gustave-auto.comhttps://gustave-auto.com/blog/information-importante-suspicion-de-fuite-de-donnees

Related incidents

Data breachOngoing

Leak at Interrail

A December 2025 cyberattack on Eurail B.V., operator of the Interrail and Eurail rail passes, exposed personal data of roughly 308,000 travellers — including names, contact details, dates of birth and passport numbers — which by 2026 was being sold on the dark web.

Victim
Interrail
Records
308.8K
Data breachContained

Data leak at Mingat

On 19 March 2026, French vehicle-rental company Mingat confirmed a data leak affecting its customers, notifying them of a security incident that exposed personal information held in its rental records.

Victim
Mingat