Europcar’s 48 million clients data breach turns out to be a fake

The information surfaced in a widely recognised hacking forum about a purported collection of data stolen from the major car rental company Europcar. Alleged hackers claimed to have acquired personal information from over 48 million Europcar customers and expressed a willingness to sell the hacked data to interested parties. However, Europcar representatives have clarified that the claim appears to be completely fake – perhaps even created with ChatGPT.

Europcar spokesperson Vincent Vevaud stated that the company investigated the reported breach upon receiving an alert from a threat intelligence service about the forum post.

He shared via email that, after a thorough examination of the data sample, they are confident the advertisement is false. Vevaud pointed out the inaccuracies, such as the incorrect number of records, inconsistencies with their data, and the likelihood that the sample data was generated by ChatGPT (nonexistent addresses, mismatched ZIP codes, unusual top-level domains in email addresses). Importantly, he emphasized that none of the email addresses in the sample were found in their customer database.

In an online chat, the hacking forum user said that the data is genuine but provided no evidence to support this claim. In their forum post, the user stated that the data comprised usernames, passwords, full names, home addresses, ZIP codes, birth dates, passport numbers, driver’s license numbers, and other information.

The online-posted sample data seems to be illegitimate, as indicated not only by Europcar but also by Troy Hunt, the operator of the data breach notification service “Have I Been Pwned”.