A threat actor has claimed responsibility for breaching the systems of Europcar, a major vehicle rental service, and exfiltrating a significant amount of sensitive data. The allegations were posted on a dark web forum, where the individual behind the post purportedly detailed the extent of the alleged breach.
According to the post, the alleged cyberattack resulted in the theft of over 37GB of data, including more than 645,000 files and 183,000 folders. The threat actor further claimed to have accessed Europcar’s GitLab repositories, containing critical software components such as Android and iOS applications for Europcar and GoldCar, cloud infrastructure details, internal applications, and SQL backups that reportedly include personal data.
The individual behind the claims also allegedly stated that they had obtained over 269 environment (.ENV) files and website backups. In the post, they warned Europcar that if the company did not make contact, they would begin publishing the purported stolen data on the forum. Additionally, they announced that samples would be selectively distributed to interested buyers before a full release.
