Renault notifies UK customers of data breach linked to third-party supplier

Stolen data could be used in targeted phishing campaigns, security experts warn

Carmaker Renault has begun notifying an undisclosed number of UK customers that their personal information may have been exposed following a cyberattack on one of its third-party suppliers.

In a post on X, security researcher Troy Hunt shared a copy of the customer notification sent by Renault.

"We are very sorry to inform you about a cyber-attack on one of our third-party providers, leading to some Renault UK customers' personal data being taken from one of their systems," the notification read.

"The third-party provider established that your data was included."

While Renault confirmed that its own internal systems were not compromised, the data exposed in the breach includes a significant amount of personally identifiable information (PII), specifically:

• First and last names
• Gender
• Phone numbers
• Email and postal addresses
• Vehicle identification numbers (VIN)
• Vehicle registration numbers

No financial information or passwords were reported as stolen. However, security experts warn that the stolen data could be used in targeted phishing campaigns. The inclusion of specific vehicle-related data could allow threat actors to craft convincing scams tailored to Renault customers.

In its communication, Renault assured customers that the incident has been contained.

"The third party has confirmed that this was an isolated incident, which has now been contained and removed," the company stated.

"We are working closely with them to ensure that all appropriate actions are being taken. We have notified all relevant authorities."

Gary Cannon, transport practice lead at NCC Group, said the attack should be viewed as part of a broader pattern of cybersecurity breaches targeting critical supply chain links.

"These cases highlight that supply chain security is very much a business priority," said Cannon.

"Greater visibility, proactive detection capabilities, and response plans are essential to prevent widespread financial and operational damage in the instance of an attack."

He said that businesses must scrutinise their vendor relationships: "An organisation is only as secure as the weakest link in its supply chain."

Worrying trend in UK

The Renault breach comes amid a wave of high-profile cyberattacks affecting organisations across the UK and globally.

Earlier this year, British retailers M&S and the Co-op suffered significant supply chain disruptions due to breaches involving third-party vendors.

Jaguar Land Rover (JLR) has been forced to halt production and secure a £1.5 billion government-underwritten loan after suffering a major cyberattack in August.

The trend is not isolated to manufacturing and retail.

A nursery chain, Discord, Google, Cisco and Workday have all disclosed data breaches over the past few months, many stemming from social engineering and phishing attacks targeting external partners.

Multiple European airports experienced extended disruptions last month following a ransomware attack on Collins Aerospace, a key supplier to the aviation industry.

Security experts are urging companies to implement stronger vendor oversight, including regular audits, contractual security obligations, and integrated incident response protocols that span the entire supply chain.

For now, Renault UK customers impacted by the breach are being advised to remain vigilant for suspicious messages and to report any suspected phishing attempts to the company and relevant authorities.