Renault UK Notifies Customers of Data Breach via Third-Party Provider

Renault UK has informed its customers about a data breach resulting from a cyberattack on a third-party service provider, which has led to unauthorized access to sensitive customer information.

The exact number of affected individuals has not been disclosed, but exposed data includes names, contact details, home addresses, and vehicle identifiers.

The incident came to light through customer notifications signed by Adam Wood, Managing Director of Renault Group UK, who confirmed that the breach did not originate from Renault or Dacia's own systems. Instead, it was confined to a yet-unnamed external vendor whose systems were compromised in a now-contained attack. The compromised information includes:

• Full names and gender
• Phone numbers and email addresses
• Postal addresses
• Vehicle Identification Numbers (VIN)
• Vehicle registration details

The firm emphasized that no financial data, such as bank or payment details, were involved, as these are not stored by the affected third party. While the nature of the cyberattack remains undisclosed, the compromised data is sufficient to be abused for targeted phishing or identity-related scams.

Data breach at @renault_uk, it’s that damn “third-party” again! pic.twitter.com/wCxA7khB42

— Troy Hunt (@troyhunt) October 2, 2025

Renault Group UK is the regional arm of the French automotive giant Renault S.A., overseeing operations for both the Renault and Dacia brands in the United Kingdom. Dacia, a Romanian car manufacturer owned by Renault, offers a range of budget-friendly vehicles and maintains a substantial market presence across the UK, particularly among cost-conscious consumers.

The breach follows a familiar pattern seen in recent months, where automotive firms become collateral damage through attacks on external service providers. In its message, Renault noted that the incident had been contained and that all relevant regulatory bodies had been notified. However, it did not specify when the breach was first detected or how long attackers may have had access to the compromised environment.

Customers are being advised to remain vigilant for suspicious messages or calls and avoid sharing personal information with unverified contacts. The firm recommends heightened caution when responding to unsolicited communication involving vehicle or personal data, given the specificity of the exposed records.

The timing of this disclosure closely follows a larger and more disruptive incident involving Jaguar Land Rover (JLR), which last month suffered a cyberattack that crippled internal operations and halted production for several weeks. In that case too, the attackers, believed to be Scattered LAPSUS$ Hunters, stole “some” internal data, which might also include customer information.