Loxam Reports Data Breach Involving Third-Party Software System

What happened

Equipment rental company Loxam reported that customer data may have been stolen through a third-party software system it uses for planning equipment deliveries. According to the company’s disclosure, the incident was detected and contained, and an investigation was initiated to determine the origin and extent of the breach. Loxam stated that its inquiry, which involves collaboration with the software provider and independent cybersecurity experts, indicates that none of the stolen data is likely to harm its clients. Operations at Loxam were not disrupted by the security issue, and the breach has been reported to relevant authorities. The company continues to investigate the incident and assess the potential impact on customer information.

Who is affected

Customers of Loxam whose data was stored in the affected third-party software system are potentially affected by the unauthorized access, although the company said the exposed data is not likely to be harmful.

Why CISOs should care

Breaches involving third-party software systems used for operational planning highlight the ongoing risk posed by supply-chain and partner infrastructure to customer data security, even when core business operations remain intact.

3 practical actions

  • Review third-party software access. Assess what customer data is held in partner systems and what access controls are in place.
  • Enhance breach investigation. Continue forensic analysis with independent experts to determine full scope.
  • Communicate with stakeholders. Keep customers and authorities informed about breach status and data exposure.