Leak at Peugeot
In December 2024, the ransomware-as-a-service group Cicada 3301 claimed to have stolen 40 GB of data from Peugeot dealerships (mainly in Lot-et-Garonne, France), including customer ID documents, VINs and vehicle inventory data, threatening to publish it by 6 January 2025.
- Victim
- Peugeot
On 26 December 2024, Peugeot β the French carmaker, part of the Stellantis group β was named in an extortion claim after the ransomware-as-a-service group Cicada 3301 said it had breached part of the brand's dealership network. The attackers claimed to hold roughly 40 GB of data and threatened to publish it unless a ransom was paid by 6 January 2025.
The compromise reportedly stemmed from intrusions into the IT systems of Peugeot dealerships, concentrated in the Lot-et-Garonne region of south-western France. Rather than encrypting systems, Cicada 3301 relied on data exfiltration and the threat of publication β a "double extortion" / leak-only pattern that ANSSI has flagged as a rising threat to sensitive sectors such as automotive.
The data the group claimed to have stolen reportedly included:
- Scanned identity documents of customers
- Vehicle identification numbers (VINs) and licence plate numbers
- Vehicle inventory, production and stock geolocation data
- Internal dealership records and parts/logistics information
Stellantis confirmed it was "aware of the situation" and said its teams were investigating to understand what had happened. The exposed personal data raised the risk of follow-on phishing and targeted fraud against affected customers. At the time of reporting the incident was unresolved, with the extortion deadline still pending and the full scope under investigation.
Sources
- 20minutes.frhttps://www.20minutes.fr/high-tech/4130958-20241226-peugeot-sait-cyberattaque
- clubic.comhttps://www.clubic.com/actualite-548036-cyberattaque-des-concessionnaires-peugeot-des-donnees-clients-codes-vin-et-documents-d-identite-voles-par-les-hackers.html
- globalsecuritymag.comhttps://www.globalsecuritymag.com/cyberattaque-majeure-40-go-de-donnees-clients-peugeot-aux-mains-des-hackers-de.html