By Ashwani Mishra, Editor-Technology, 63SATS
Imagine renting a car for a weekend getaway. You book through an app, upload your ID, enter payment details, and share your location—all with a few taps. Now, imagine that data—your personal identity, trip logs, and payment info—slipping quietly into the hands of a cybercriminal halfway across the globe. In the digital age, car keys aren’t the only thing being handed over—your privacy is, too.
The rental mobility sector is now facing a rising wave of cyberattacks. From global brands like Europcar and Avis to regional giants like Rapido and 13cabs, hackers are targeting mobility services not just to cause disruption, but to exploit the treasure troves of sensitive data they collect.
Europcar – Cracked at the Core
In a recent breach, Europcar Mobility Group, a leading multinational car rental company, was hit by a threat actor who accessed its GitLab repositories. The breach exposed over 9,000 SQL files and hundreds of sensitive configuration (.ENV) files, affecting potentially 200,000 customers.
The attacker even used the company’s name as an alias on underground forums—mocking the very brand it had breached. The stolen data may include app code, cloud infrastructure details, and customer PII (Personally Identifiable Information), a chilling reminder that in the world of car rentals, even backend systems aren’t safe.
Avis – America’s Giant, Breached
In September 2024, Avis faced a serious data breach affecting nearly 300,000 customers. The intrusion, identified in early August, compromised one of its core business applications. Customers were informed that names, emails, and possibly financial details were stolen. Avis acted swiftly—launching an investigation, engaging cybersecurity experts, and alerting regulators. But the damage was done.
13cabs – Australia’s Taxi Titan Under Attack
Australia’s largest taxi service, 13cabs (also running Silver Service), disclosed suspicious account activity in March 2025. Though the company didn’t confirm a full-scale breach, it acknowledged a “sophisticated unauthorized” attempt to compromise user accounts. The ambiguity around the scope raised concern among users. Hackers are now probing not just apps, but customer trust, exploiting weak points in authentication, session management, or legacy systems.
Rapido – A Simple Form, a Massive Leak
In December 2024, Rapido, India’s fast-growing bike and rickshaw-hailing app, exposed personal data through something as trivial as a feedback form. As reported by TechCrunch, a security flaw in a website form left user and driver data—names, contact details, and location info—publicly accessible. The breach was discovered by ethical hacker Renganathan P., but what if it had fallen into malicious hands?
Why the Ride-Hailing Sector Is a Goldmine for Hackers
What makes these services so attractive to cybercriminals? In one word: data.
Mobility apps collect real-time location, government-issued IDs, payment details, and behavioral patterns. These aren’t just numbers; they’re digital reflections of a user’s identity and movement. Combine that with high user volumes and frequent transactions, and you have a goldmine.
Furthermore, many rental services integrate third-party systems for navigation, payments, and booking—broadening the attack surface. As companies focus on UX and market expansion, cybersecurity often becomes an afterthought. And hackers know it.
The Human Cost Behind the Data
When cybersecurity breaches hit mobility platforms, it’s not just about databases and servers. It’s about people. A freelance photographer who booked a car through Avis may now be fending off identity theft. A tourist in Sydney using 13cabs could now have their card cloned.
These are not faceless numbers—they’re everyday people whose trust has been broken.
When Convenience Meets Consequence
Using a ride-hailing app feels as simple as unlocking a vehicle with a digital key. But with every trip, users entrust companies with more than just their destination—they hand over pieces of their digital lives. If not protected, those digital keys can unlock doors for cybercriminals.
Because in today’s digital journey, it’s no longer just about who’s behind the wheel—but also who’s lurking behind the screen.
