Leak at Ornikar
In late October 2024, French online driving school Ornikar disclosed a breach after an attacker offered a database of up to 4.2 million customer accounts for sale, exposing names, dates of birth, email and postal addresses, and phone numbers; bank data and passwords were unaffected.
- Victim
- Ornikar
- records
- 4.2M
On 24 October 2024, Ornikar — a French online driving school and insurance platform — disclosed that it had been the victim of a cyberattack after an attacker gained unauthorized access to its information system. The breach surfaced when a threat actor using the handle "Magouilleur" advertised an Ornikar customer database for sale on a cybercrime forum, claiming it covered more than 4.2 million unique customer accounts.
The exposed data was personal and contact information rather than financial credentials. According to Ornikar, the compromised records could include:
- First and last name
- Date of birth
- Email address
- Postal address
- Phone number
Ornikar stated that banking data and account passwords were not compromised in this incident. The company notified France's data protection authority, the CNIL, within the regulatory 72-hour window, applied remedial technical measures to close the intrusion, and reinforced its security infrastructure.
Ornikar also warned affected customers to be vigilant against phishing and identity-theft attempts leveraging the leaked details, stressing that it would never request sensitive information by email or SMS. The intrusion was contained, though the leaked dataset remained in circulation among the criminals who advertised it.
Sources
- numerama.comhttps://www.numerama.com/cyberguerre/1832130-lauto-ecole-en-ligne-ornikar-victime-dune-cyberattaque-des-infos-personnelles-ont-fuite.html
- generation-nt.comhttps://www.generation-nt.com/actualites/ornikar-fuite-donnees-cyberattaque-intrusion-2051935
- cnews.frhttps://www.cnews.fr/vie-numerique/2024-10-24/ornikar-ce-que-lon-sait-de-la-fuite-massive-de-donnees-qui-frappe-lauto