Data breach at Europcar: GitLab hack affects up to 200,000 customers

A hacker gained access to the GitLab repositories of the Europcar Mobility Group car rental company. The hack resulted in the theft of the personal details of some 200,000 customers and the source code for the Android and iOS applications. The attacker extorted the company by threatening to publish 37GB of stolen data. The data breach has since been reported to the authorities.

Europcar is a subsidiary of Green Mobility Holding, which also operates Goldcar and Ubeeqo. The company has a vast customer base and operates in 140 countries worldwide. This means that a data breach at Europcar could have significant consequences.

Stolen SQL backups and configuration files

At the end of March, a hacker successfully penetrated Europcar’s systems. The consequence for Europcar is a significant data breach. The hacker gained access to all of their GitLab repositories. The attacker claims to have copied more than 9,000 SQL files with backups of personal data. He also copied at least 269 .ENV files. These ENV files are used to save configuration settings and environment variables. They also contain sensitive information.

To prove that it was an actual hack, the attacker published screenshots. These showed credentials that were present in the stolen source code. Europcar has confirmed the hack and the data breach to BleepingComputer.

Also read: Huge X data leak affects over 200 million users

Extent of Europcar data breach

Although the full extent of the damage is still being investigated, the stolen data is limited to the names and email addresses of Goldcar and Ubeeqo users. Sensitive information such as bank details, credit card details, or passwords have not been exposed. All affected customers are currently being informed. Europcar has also informed the relevant data authorities of the data breach.

BleepingComputer states that, based on online statistics, the number of affected customers is between 50,000 and 200,000. Some data dates from 2017 and 2020. So it could turn out to be higher.

Top story

Three decades of Check Point (and cybersecurity): a conversation with Gil Shwed

Inventor of firewall discusses state of cybersec industry

Sander Almekinders April 22, 2025

Tech calendar

.NEXT 2025

May 7, 2025 Washington

LambdaConf 2025

May 12, 2025 Estes Park

Tech career

Whitepapers

Enhance your data protection strategy for 2025

The Data Protection Guide 2025 explores the essential strategies and...

Are you data and AI ready?

Discover the essential strategies and imperatives to create a data an...

Data breach at Europcar: GitLab hack affects up to 200,000 customers

Stolen SQL backups and configuration files

Extent of Europcar data breach

Stay tuned, subscribe!

Cisco ThousandEyes: resilient networks start with global insight

Three decades of Check Point (and cybersecurity): a conversation with Gil Shwed

Veeam launches framework to close data resilience gap

NetSuite expands AI capabilities to boost efficiency for organizations

Infor Now 2023: Industry-specific ERP, now with RPA

The heart of IFS beats in Sri Lanka

SAS Innovate 2025

.NEXT 2025

LambdaConf 2025

Qlik Connect 2025

Red Hat Summit

Kaseya DattoCon Europe

Cloud Account Executive – Slack

AI & Data Architect

Try the latest high-end Synology backup system for free

Enhance your data protection strategy for 2025

Strengthen your cybersecurity with DNS best practices

Are you data and AI ready?