Europcar GitLab repository breach exposes data of up to 200,000 customers
Take action: This is another example of why no secrets should be stored in source code repositories.
The multinational car-rental company Europcar Mobility Group has confirmed a breach of its GitLab repositories where a hacker stole source code for Android and iOS applications along with personal information of up to 200,000 customers.
In late March, a threat actor using Europcar's name as an alias announced they had "successfully breached Europcar's systems and obtained all their GitLab repositories." The hacker claimed to have copied:
- More than 9,000 SQL files with backups containing personal data
- At least 269 .ENV files (used to store configuration settings, environment variables, and sensitive information)
To prove the legitimacy of the breach, the threat actor published screenshots of credentials found in the stolen source code.
The cybercriminal attempted to extort the company by threatening to publish 37GB of stolen data.
BleepingComputer received confirmation that the compromise is real, though the hacker's claim of stealing all GitLab repositories is not entirely accurate—a small portion of the source code was not accessed.
The stolen data primarily includes:
- Names and email addresses of Goldcar and Ubeeqo users
- Some data dating back to 2017 and 2020
According to online statistics, the number of affected customers is estimated to be between 50,000 and 200,000. Importantly, more sensitive information such as bank details, card information, and passwords was reportedly not exposed in this breach.
Europcar Mobility Group is currently assessing the full extent of the damage, is notifying all impacted customers, and has informed the relevant data protection authority.
The exact method used to gain access to Europcar's code repositories remains unclear, though many recent breaches have been facilitated by credentials stolen through infostealer malware.
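The kinds of material reported stolen here (.ENV files, credentials in source code, SQL backups with personal data) can be looked for in a repository checkout before anyone else finds them. The following Python audit is an added example, not code from the article or from Europcar; the file-name patterns, key names and sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Heuristics below are assumptions for illustration, not rules from the article.
ENV_NAME = re.compile(r"(^|\.)env(\.|$)", re.IGNORECASE)   # .env, .env.prod, app.env
CRED = re.compile(r"^\s*(?:export\s+)?(\w*(?:PASSWORD|SECRET|TOKEN|API_KEY)\w*)"
                  r"\s*[=:]\s*['\"]?([^\s'\"#]+)", re.IGNORECASE)
PLACEHOLDER = re.compile(r"^(changeme|example|x{3,}|<.*>|\$\{.*\})$", re.IGNORECASE)
SQL_ROW = re.compile(r"^\s*INSERT\s+INTO\b", re.IGNORECASE)
EMAIL = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")

def audit_tree(root):
    """Return sorted (kind, relative_path, line_no, detail); secret values are never stored."""
    findings = []
    for folder, dirs, files in os.walk(root):
        dirs[:] = [d for d in dirs if d != ".git"]          # skip git internals
        for name in files:
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if ENV_NAME.search(name):                       # name match only; templates need review too
                findings.append(("env-file", rel, 0, name))
            with open(path, encoding="utf-8", errors="replace") as fh:
                for no, line in enumerate(fh, 1):
                    m = CRED.match(line)
                    if m and not PLACEHOLDER.match(m.group(2)):
                        findings.append(("credential", rel, no, m.group(1)))
                    if name.lower().endswith(".sql") and SQL_ROW.match(line) and EMAIL.search(line):
                        findings.append(("sql-personal-data", rel, no, "email in INSERT"))
    return sorted(findings)

def demo():
    sample = {  # constructed file contents, all made up
        ".env": "DB_HOST=db.internal\nDB_PASSWORD=constructed-not-real\n",
        ".env.example": "DB_PASSWORD=changeme\n",
        "backup/users.sql": "CREATE TABLE users (name text, email text);\n"
                            "INSERT INTO users VALUES ('A. Person', 'a.person@example.com');\n",
        "src/config.py": "API_TOKEN = 'constructed-token-123'\nDEBUG = False\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, text in sample.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(text)
        return audit_tree(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A working-tree scan like this does not see files that were committed and later deleted; repository history needs its own scan.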