AUTOSUR Data Breach

15/03/2025 · 487,226 records · moderate risk

0 /100

Gravity Score

Critical

Calculated based on the types of data exposed (7 categories) and the volume of affected records (487,226).

Vehicle inspection and service providers can hold data that links a person to a physical asset, which can be attractive to scammers. AUTOSUR, a French vehicle inspection company, experienced a breach that exposed a large collection of customer records.

Even though the number of unique email addresses was smaller than the total record count, the compromised dataset still contained enough information to identify owners and their vehicles. That can enable highly believable outreach such as fake fees, bogus inspection notices, or scam messages about vehicle compliance.

Exposed information included names, email addresses, phone numbers, and physical addresses. It also contained vehicle details like make and model, plus identifiers such as VINs and registration plate numbers.

Reports referenced more than 10 million customer records, with about 487 thousand unique emails. The presence of VIN and plate data can make targeted fraud attempts more persuasive because attackers can cite specific vehicle information.

Exposed data

Email addresses Names Phone numbers Physical addresses Vehicle details Vehicle identification numbers (VINs) Vehicle registration plates

What to do based on this breach

Be skeptical of messages about inspections, fines, or renewals that mention your plate or VIN and verify through official channels

Opt out of marketing where possible and reduce data sharing in vehicle related accounts because phone and address exposure can lead to harassment

Watch for scam invoices or payment links sent by SMS or email using your contact details

If you find incorrect or excessive personal data tied to your record, request review, correction, and processing information under GDPR

What can we learn from this breach?

This breach shows how vehicle identifiers like VINs and plates can amplify scams when combined with names, phone numbers, and addresses. Organizations should practice data minimization, separate vehicle identifiers from contact details, and enforce strong access controls with monitoring. Clear communication after incidents helps people recognize fraud attempts that leverage leaked vehicle data.

Was your data exposed?

Check now if your email appears in this breach. It's free, takes 30 seconds and requires no signup.

Check my email

Related breaches

Canadian Tire

01/10/2025 38,306,562 records high risk

4 data types in common

CarGurus

13/02/2026 12,461,887 records moderate risk

4 data types in common

← All breaches