cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Europcar denies alleged data breach affecting 50m

Following a hacker’s claims that it had stolen the data of 50 million customers, car rental company Europcar has said that the data breach and alleged stolen data are fake.

user icon Daniel Croft
Thu, 01 Feb 2024
Europcar denies alleged data breach affecting 50m
expand image

As originally reported by BleepingComputer, a threat actor who goes by the name of “lean” on BreachForums made a post claiming to have the data of 48,606,700 users.

Data included “full subdomains, administrator panels and (username, password, full name, address, city, zip, city of birth, city of issuance, passport number, expiration date, driver’s license number, DNi email, number, bank)”.

The threat actor also posted samples of the data belonging to 31 customers as verification of the data’s authenticity.


However, responding to an inquiry from BleepingComputer, Europcar said the breach was fake and that the threat actor had created falsified records using artificial intelligence (AI).

“After being notified by a threat intel service that an account pretends to sell Europcar data on the dark net and thoroughly checking the data contained in the sample, we are confident that this advertisement is false,” said Europcar.

The car rental company said that the number of records listed is different to what Europcar has and that many of the email addresses and other details don’t exist, leading it to believe they are AI-generated.

It also said that none of the listed email addresses are in its database.

Troy Hunt of HaveIBeenPwned agrees that the hacker’s data is flawed and inconsistent with Europcar’s records.

However, Hunt said there is nothing to indicate that it was created using AI, adding that some of the emails are real and have been witnessed in other data breaches.

“We’ve had fabricated breaches since forever because people want airtime or to make a name for themselves or maybe a quick buck,” explained Hunt.

“Who knows, it doesn’t matter, because none of that makes it ‘AI’ and seeking out headlines or sending spam pitches on that basis is just plain dumb.”

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.