Data Breach Alert: Europcar GitLab Compromise Affects Up to 200,000 Users


Threat actor announces breach of Europcar's GitLab repositories
Hacker shows credentials found in source code

Overview of the Incident

A recent security breach targeted the GitLab repositories of Europcar Mobility Group, leading to the theft of source code for essential Android and iOS applications. The incident potentially affects personal information of up to 200,000 customers, sending shockwaves through the global customer base of Europcar, which includes prominent subsidiaries such as Goldcar and Ubeeqo.

Details of the Data Compromise

The breach occurred when an unauthorized hacker accessed the repositories and extracted 37GB of sensitive data, including company backups and details about Europcar’s cloud infrastructure and internal applications. The hacker threatened to release this information unless a ransom was paid.

Extent of the Stolen Data

  • More than 9,000 SQL files containing personal customer data
  • Approximately 269 .ENV files containing sensitive configuration settings

To substantiate their claims, the hacker published screenshots revealing employee credentials embedded within the stolen source code, affirming the severity of the breach.
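The exposure described above (committed .ENV files and credentials sitting in a repository) can be checked for in one's own checkouts. The following is an added example, not code from Europcar or from the original report: it walks a working tree, finds `.env`-style files, and reports which keys hold non-placeholder secret values without ever returning the values. The key-name and placeholder patterns are heuristic assumptions, and the sample files and values are constructed.

```python
import re
import tempfile
from pathlib import Path

# Heuristic, constructed for this example: key names that usually hold credentials.
SECRET_KEY = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY", re.I)
# Empty or template values are not live secrets.
PLACEHOLDER = re.compile(r"^(|changeme|example|x{3,}|<.*>|\$\{.*\})$", re.I)
# Matches .env, .env.production, staging.env, ...
ENV_NAME = re.compile(r"^\.env(\..+)?$|.+\.env$", re.I)

def parse_env(text):
    """Yield (line_number, key, value) for each KEY=VALUE line."""
    for num, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = re.sub(r"^export\s+", "", key.strip())
        yield num, key, value.strip().strip("'\"")

def audit_tree(root):
    """Return sorted (path, line, key) findings. Secret values are never returned."""
    root, findings = Path(root), []
    for path in root.rglob("*"):
        rel = path.relative_to(root)
        if ".git" in rel.parts or not path.is_file() or not ENV_NAME.match(path.name):
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for num, key, value in parse_env(text):
            if SECRET_KEY.search(key) and not PLACEHOLDER.match(value):
                findings.append((rel.as_posix(), num, key))
    return sorted(findings)

def demo():
    """Audit a constructed sample checkout (all names and values are made up)."""
    samples = {
        ".env.example": "DB_PASSWORD=changeme\nAPI_KEY=<your-key>\n",
        "mobile/config/.env": "DB_HOST=db.internal\nDB_PASSWORD='constructed-value'\n"
                              "export API_TOKEN=constructed123\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in samples.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return audit_tree(tmp)

if __name__ == "__main__":
    for rel, num, key in demo():
        print(f"{rel}:{num}: {key} holds a non-placeholder value")
```

A finding means the value should be rotated and moved to a secrets manager; deleting the file in a later commit leaves it in the repository history.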

Company Response and Impact

Europcar Mobility Group has acknowledged the breach and is currently evaluating the full extent of the implications. Most of the stolen information consists of names and email addresses, notably from users of the Goldcar and Ubeeqo services dating back to 2017 and 2020; more sensitive details such as bank information and passwords have not been reported as compromised.

Security Measures and Customer Notification

The company has begun notifying affected customers and has reported the incident to relevant data protection authorities. They are also investigating how the intruder managed to bypass security to access the repositories, suspecting that it may be linked to credential theft involving infostealer malware, a common vector in recent data breaches.

Historical Context and Additional Insights

This breach follows a previous false alarm in 2022, where a claim of a significant breach involving nearly 50 million Europcar customers was later debunked. Moreover, a security researcher last year uncovered a development error that exposed an admin token in the code of Europcar’s mobile applications, revealing potential access to customers’ biometric details.

Key Takeaways

This incident serves as a reminder of the crucial need for robust cybersecurity measures, particularly for companies managing sensitive customer data across international operations.

For ongoing updates and further details on how Europcar is addressing this breach and enhancing security protocols, please follow official communications from the company.


Last Updated: April 4, 2025