Europcar denies data breach affecting 50 million customers — says ChatGPT is to blame in creating fake data

fleet management
(Image credit: Photo by Alexander Popov on Unsplash)

Europcar has said that a data breach affecting millions of its customers is fake. 

A threat actor was discovered selling a database on a well-known underground forum which they claimed holds the records of close to 50 million customers of the car rental firm. The sample they shared shows apparent names, addresses, license numbers, and bank details among the information.

However, after BleepingComputer contacted Europcar, the firm claimed the breach is not real, adding the data was likely spoofed using AI tools such as ChatGPT.

AI generated?

Europcar says it arrived at this suspicion as the, "addresses don't exist, ZIP codes don't match, first name and last name don't match email addresses, email addresses use very unusual TLDs."

What's more, the company also stated that "none of these email addresses are present in our database."

There are mismatches between usernames and emails, and some addresses have been made up, such as "Lake Alyssaberg, DC" and "West Paulburgh, PA." Also, addresses and phone numbers pertain to regions in the US, while many of the corresponding email addresses are foreign.

HaveIBeenPwned creator Troy Hunt chimed in on X, tweeting that while he believes the data is fake, it isn't necessarily AI-generated, pointing out that some of the email addresses contained in the dataset are real - they've just appeared in previous, unrelated data breaches monitored by the site. 

He also said that "we've had fabricated breaches since forever," not just since the AI boom we're experiencing right now. There are also various services that can easily create fake datasets that look convincing on the surface, for the purposes of creating XML documents and anonymizing data, among others. 


Lewis Maddison
Staff Writer

Lewis Maddison is a Staff Writer at TechRadar Pro. His area of expertise is online security and protection, which includes tools and software such as password managers. 

His coverage also focuses on the usage habits of technology in both personal and professional settings - particularly its relation to social and cultural issues - and revels in uncovering stories that might not otherwise see the light of day.

He has a BA in Philosophy from the University of London, with a year spent studying abroad in the sunny climes of Malta.