Customers of Renault and Dacia in the United Kingdom have been notified that sensitive information they shared with the car maker was compromised following a data breach at a third-party provider. With a revenue of more than $55 billion, the French car maker has 170,000 employees and an annual production output of 2.2 million vehicles. Dacia is a subsidiary brand that offers reliable vehicles at an affordable price. Yesterday, both brands informed customers [1, 2] that they were impacted by the cybersecurity incident that occurred at an unamed third party. “We are very sorry to inform you about a cyber-attack on one of our third-party providers, leading to some Renault UK customers’ personal data being taken from one of their systems,” reads the notice. The information that has been exposed includes the following data types: Full name Gender Phone number Email address Postal address Vehicle identification number Vehicle registration number An attacker could use this type of information to target users in phishing campaigns, scams, and other forms of social engineering. The carmaker's notification highlights that banking or financial information has not been exposed due to this incident. Renault's notice to customers Source: Troy Hunt Renault noted that the targeted company has isolated the incident and removed the threat from its networks. Authorities in the U.K., including the Information Commissioner's Office (ICO) have also been informed of the cyberattack. BleepingComputer has contacted Renault to ask about the identity of the third-party supplier and the number of affected customers. A spokesperson for the company said that the number of impacted clients is not yet available and the contract agreement prevents them from disclosing the name of the affected provider. The recipients of the notifications are advised to remain vigilant against unsolicited phone calls and emails, and never share their passwords with anyone. The incident follows the cyberattack at Jaguar Land Rover in the UK, which had a significant impact on operations as the carmaker was forced to halt production for almost a month. That attack also involved data theft, although not many details have been disclosed publicly, and had such an impact that JLR had to take a UK government-guaranteed £1.5 billion loan to restore its supply chain.