Skip to content
Data breachContained

Leak at Norauto

On 2 December 2024, French automotive retailer Norauto disclosed a cyberattack on its vehicle-rental service that exposed personal data of about 78,000 customers, including names, contact details and, in some cases, ID-document numbers; the dataset was put up for sale on BreachForums.

Victim
Norauto
records
78.0K

On 2 December 2024, Norauto — the French automotive parts, maintenance and services retailer — informed customers by email that it had been the victim of a cyberattack exposing personal data belonging to roughly 78,000 people. The company said the breach specifically targeted its vehicle-rental service rather than its full customer base.

The exposed data was drawn from information provided during rental transactions and varied by individual. Affected records reportedly included:

  • First and last names
  • Email addresses
  • Postal addresses
  • Phone numbers
  • Identity-document numbers (in some cases)

Shortly after the disclosure, an actor advertised a dataset of about 78,000 Norauto records for sale on the BreachForums underground marketplace, reportedly for as little as €50. The figures and timing matched earlier claims circulating since September 2024, which some researchers linked to the "Frérots K" group.

Norauto said it had taken security measures to stop the leak and harden its systems, communicated with affected customers, and notified France's data-protection authority, the CNIL, as required by law.

Sources

  1. linformaticien.comhttps://www.linformaticien.com/magazine/cybersecurite/62768-fuite-de-donnees-78-000-comptes-clients-norauto-compromis.html
  2. auto-infos.frhttps://www.auto-infos.fr/article/les-donnees-de-78-000-clients-de-norauto-piratees-et-deja-en-vente.285000
  3. lsa-conso.frhttps://www.lsa-conso.fr/norauto-victime-a-son-tour-d-une-fuite-de-donnees-78-000-clients-concernes,458374
  4. francesoir.frhttps://www.francesoir.fr/societe-science-tech/norauto-vise-par-une-cyberattaque-fuite-des-donnees-de-78-000-clients

Related incidents

Data breachOngoing

Leak at Interrail

A December 2025 cyberattack on Eurail B.V., operator of the Interrail and Eurail rail passes, exposed personal data of roughly 308,000 travellers — including names, contact details, dates of birth and passport numbers — which by 2026 was being sold on the dark web.

Victim
Interrail
Records
308.8K