Skip to content
RansomwareOngoing

Leak at Peugeot

In December 2024, the ransomware-as-a-service group Cicada 3301 claimed to have stolen 40 GB of data from Peugeot dealerships (mainly in Lot-et-Garonne, France), including customer ID documents, VINs and vehicle inventory data, threatening to publish it by 6 January 2025.

Victim
Peugeot

On 26 December 2024, Peugeot β€” the French carmaker, part of the Stellantis group β€” was named in an extortion claim after the ransomware-as-a-service group Cicada 3301 said it had breached part of the brand's dealership network. The attackers claimed to hold roughly 40 GB of data and threatened to publish it unless a ransom was paid by 6 January 2025.

The compromise reportedly stemmed from intrusions into the IT systems of Peugeot dealerships, concentrated in the Lot-et-Garonne region of south-western France. Rather than encrypting systems, Cicada 3301 relied on data exfiltration and the threat of publication β€” a "double extortion" / leak-only pattern that ANSSI has flagged as a rising threat to sensitive sectors such as automotive.

The data the group claimed to have stolen reportedly included:

  • Scanned identity documents of customers
  • Vehicle identification numbers (VINs) and licence plate numbers
  • Vehicle inventory, production and stock geolocation data
  • Internal dealership records and parts/logistics information

Stellantis confirmed it was "aware of the situation" and said its teams were investigating to understand what had happened. The exposed personal data raised the risk of follow-on phishing and targeted fraud against affected customers. At the time of reporting the incident was unresolved, with the extortion deadline still pending and the full scope under investigation.

Sources

  1. 20minutes.frhttps://www.20minutes.fr/high-tech/4130958-20241226-peugeot-sait-cyberattaque
  2. clubic.comhttps://www.clubic.com/actualite-548036-cyberattaque-des-concessionnaires-peugeot-des-donnees-clients-codes-vin-et-documents-d-identite-voles-par-les-hackers.html
  3. globalsecuritymag.comhttps://www.globalsecuritymag.com/cyberattaque-majeure-40-go-de-donnees-clients-peugeot-aux-mains-des-hackers-de.html

Related incidents

RansomwareUnknown

Leak at Cogitis

On 31 December 2024, the DragonForce ransomware gang listed Cogitis β€” a French inter-municipal IT syndicate serving local authorities β€” on its leak site, claiming around 81 GB of exfiltrated data including internal files and personal data tied to the public bodies it supports.

Victim
Cogitis
RansomwareContained

Leak at Atos

On 28 December 2024, the Space Bears ransomware group claimed to have compromised an Atos database; the French IT giant investigated and concluded its own systems were not breached, attributing the leaked Atos-related data to a compromised external third-party infrastructure.

Victim
Atos