After a cyber attack on the car rental company Sixt, the company initially stated that no data had been stolen. Now this assessment had to be corrected.
Mail to affected
Sixt has now informed those affected, whose data was accessed in the course of the attack, about this circumstance by e-mail. One of the sent mails was available to the SPIEGEL, which quoted from it in an article. The mail states, for example, “that the attackers were also able to copy a partial stock of data, including individual customer data.” According to the email obtained by SPIEGEL, data from the car rental company’s loyalty program is affected. It is not known whether other customers were contacted with other mail texts. Thus, it cannot be said with certainty that only data from the aforementioned program was stolen. In this specific case, general data is said to have been copied: Name, address, mail address as well as customer and customer card number. Sixt also states in the email that it cannot be ruled out that further information on specific bookings was also stolen. This includes in particular the place and period of the booking as well as the driver’s license number. However, payment data is not said to be affected. In the mail, Sixt advises to exercise particular caution with regard to phishing attacks that make reference to the data.
Big problems with Sixt
Sixt had initially announced that it had identified the problems associated with the attack at an early stage and had brought them under control. However, the factual difficulties that subsequently arose paint a different picture: In many branches, only credit card payments could be accepted over a longer period of time and contracts could only be booked in manually. In addition, the car rental company’s hotline was unavailable until mid-May.
The ransomware group Black Basta, which is being treated as the successor to Conti, is presumably behind the attack. Leaks from a Ukrainian security researcher recently provided deep insights into the structure of Conti and revealed links to the Russian state.
The Conti group is responsible for attacks on wind turbine manufacturers and the Costa Rican government, among others. Costa Rica declared a national state of emergency in the wake of the cyberattacks.