Yet again, hackers have stolen personal data from a automotive related company and offers to sell it on a cybercrime forum. The company that was breached is a Dutch company, RDC, who provides car maintenances with IT services. According to the Dutch television station, NOS, the data include details that could be used to identify car owners and their names, address, e-mail, telephone number, date of birth, the type of car they drive and their licence plate as well as their vehicle’s registration number.

When Dutch Broadcast Foundation (NOS), in their research, engaged with the seller they were offered a price at $35’000 for the entire dataset, which authenticity also has been confirmed with local sources by Accordingly, the dataset concerns traceable data of approx. 7.3 million people, some of which appear more than once. E-mail addresses were present in approx. 2.5 million cases, allowing for phishing and spam attacks by potential buyers. The dataset also allows for car thieves to locate and target luxury cars across the Netherlands.

RDC confirmed the security breache the day after the data were posted online and said that approx. 60 % of its customer entries have been leaked, and that they (RDC) were unaware of the attack until the data were up for sale. “We have now brought in Fox-IT, an expert in the field of cyber security, to investigate with us how the data ended up outside our domain. We are also in contact with the police to report the crime.”(From the statement posted on website (in Dutch)).

Written by Joakim Rosell.