Leak at Indigo
In April 2025, French parking operator Indigo disclosed a breach after attackers accessed its information systems and stole customer names, postal and email addresses, phone numbers and vehicle license plates; no banking data or passwords were affected.
- Victim
- Indigo
On 18 April 2025, Indigo — one of the world's largest parking operators, present in more than 750 cities and managing over 2.5 million parking spaces — notified customers that malicious actors had gained unauthorized access to its information systems and exfiltrated personal data. The company informed affected users individually by email, including customers outside France such as in Belgium.
The intrusion exposed customer contact details and, where users had registered them, vehicle license plates. Indigo stated that no banking data, passwords, or account-access credentials were compromised, and that Indigo Neo accounts remained protected.
Exposed data categories included:
- First and last name
- Postal address
- Email address
- Phone number
- Vehicle license plate number (where provided)
Security researchers and the press highlighted a specific risk for affected drivers: exposed license plates can be cloned ("doublettes"), exposing victims to fines for speeding, parking or low-emission-zone violations they did not commit, as well as phishing and identity-theft attempts.
Indigo filed a criminal complaint with prosecutors, notified France's data protection authority (CNIL) in line with its legal obligations, and engaged cybersecurity specialists to investigate. The company reported that services continued operating normally, that it had reinforced its security measures, and that no fraudulent use of the stolen data had been observed at the time of disclosure. No ransomware was mentioned in connection with the incident.
Sources
- group-indigo.comhttps://www.group-indigo.com/en/indigo-incident-alert/
- zataz.comhttps://www.zataz.com/faille-chez-indigo-des-donnees-personnelles-exposees-la-cybersecurite-en-alerte/
- usine-digitale.frhttps://www.usine-digitale.fr/article/le-specialiste-du-parking-indigo-victime-d-une-fuite-de-donnees-personnelles.N2230951
- next.inkhttps://next.ink/brief_article/stationnement-vol-de-donnees-au-sein-du-groupe-indigo/