Loxam Data Breach: European Rental Giant Hit by Logistics Data Leak

By Imthiyaz Ali

European Equipment Rental Giant Loxam Reports Data Breach

Cybersecurity News & Logistics Risk Report

Loxam, Europe's largest equipment rental company, officially confirmed a data breach on February 4, 2026. The incident involves the theft of sensitive logistical and customer data through a vulnerability in a third-party software system used by the company for delivery planning. While Loxam has stated that "none of the stolen data is likely to harm clients," cybersecurity researchers have flagged the leak as a potential high-risk physical security threat.

Puteaux-based Loxam operates across 30 countries with over 1,000 branches. Given the company's role in supplying heavy machinery to national security sites, nuclear facilities, and major infrastructure projects, the exposure of precise delivery routes has raised significant concerns among European defense and logistics analysts.


The "HexDex" Listing: 60GB of Operational Intel

Following Loxam's disclosure, a threat actor operating under the handle HexDex claimed responsibility for the exfiltration. The hacker posted a 60GB dataset for sale on a prominent dark web forum. According to security firm DarkWebInformer, the leaked data includes:

  • 94,735 Delivery Routes: Detailed transit paths spanning from January 2020 to February 2026.
  • 828,000 Stop Points: Precise GPS coordinates and addresses for equipment drop-offs.
  • Vehicle & Driver Metadata: License plate numbers, driver names, and phone numbers.
  • Sensitive Client Details: Shipping addresses and contact info for B2B clients across France, Spain, and Algeria.

Physical Security Risks: Beyond Digital Theft

The Loxam breach is unique because its primary danger is physical rather than financial. Security experts at Brinztech have highlighted several "real-world" attack vectors enabled by this data:

1. National Security Exposure

The dataset reportedly contains delivery logs for locations classified as National Security Sites. By analyzing six years of equipment rentals, state-sponsored actors could map out construction phases or upgrades at military bases and energy plants based on the type of heavy machinery being delivered.

2. Vehicle Cloning and Impersonation

With access to specific license plates and scheduled delivery times, an adversary could "clone" a Loxam vehicle. Security personnel at a site might grant access to an imposter vehicle that matches the plate and arrival time expected in the compromised delivery schedule.

3. Equipment Hijacking

Organized crime groups often target high-value construction machinery. Armed with real-time route data and driver phone numbers, these groups can precisely time interceptions or hijackings of transit trucks.

Loxam’s Response and Mitigation

Loxam has emphasized that the breach has been "contained" and has not impacted its core rental operations. The company is currently working with a "leading" third-party software provider and independent forensic experts to close the loophole.

"This data breach is contained, has ceased, and will be reported to the relevant authorities... our normal operations have not been impacted." — Official Statement from Loxam, February 2026.

Recommendations for Loxam Clients

Organizations that frequently rent equipment from Loxam, particularly those in the energy or government sectors, should adopt the following "Physical 2FA" protocols:

  • Enhanced Gate Screening: Verify driver IDs against a pre-authorized list sent via a separate, secure channel. Do not rely on vehicle appearance alone.
  • Route Randomization: For high-value or sensitive deliveries, request that logistics planners vary delivery times to avoid predictability.
  • Plate Whitelisting: Cross-reference arriving vehicles with the "leaked license plate list." Any match should trigger an immediate secondary search.
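
The gate checks above can be combined into a single decision rule. The Python sketch below is an added example, not a Loxam or vendor tool: the function names, the ID format, the plates and the time windows are all constructed for illustration. It refuses any vehicle whose driver ID is not on the out-of-band list, and sends an authorized vehicle to secondary search when its plate appears in the leaked set.

```python
import re
from dataclasses import dataclass
from datetime import datetime

def norm_plate(plate: str) -> str:
    """Canonicalise a plate so 'ab-123-cd' and 'AB 123 CD' compare equal."""
    return re.sub(r"[^A-Z0-9]", "", plate.upper())

@dataclass(frozen=True)
class Authorization:
    driver_id: str          # ID number from the list sent over the separate channel
    plate: str
    window_start: datetime  # agreed arrival window (varied per delivery)
    window_end: datetime

def gate_decision(plate, driver_id, arrival, authorized, leaked_plates):
    """Return 'ADMIT', 'SECONDARY_SEARCH' or 'DENY' for an arriving vehicle."""
    p = norm_plate(plate)
    ok = any(a.driver_id == driver_id
             and norm_plate(a.plate) == p
             and a.window_start <= arrival <= a.window_end
             for a in authorized)
    if not ok:
        # Plate and timing were in the leaked data, so they prove nothing alone.
        return "DENY"
    if p in {norm_plate(x) for x in leaked_plates}:
        # Authorized, but the plate is known to attackers: search before entry.
        return "SECONDARY_SEARCH"
    return "ADMIT"

# Constructed sample data (not real plates, IDs or schedules).
AUTHORIZED = [
    Authorization("DRV-0001", "ZZ-001-ZZ",
                  datetime(2026, 3, 2, 9, 0), datetime(2026, 3, 2, 10, 0)),
    Authorization("DRV-0002", "ZZ-002-ZZ",
                  datetime(2026, 3, 2, 13, 0), datetime(2026, 3, 2, 14, 0)),
]
LEAKED_PLATES = ["zz 001 zz"]

if __name__ == "__main__":
    t = datetime(2026, 3, 2, 9, 30)
    print(gate_decision("ZZ001ZZ", "DRV-0001", t, AUTHORIZED, LEAKED_PLATES))
    print(gate_decision("ZZ-001-ZZ", "DRV-9999", t, AUTHORIZED, LEAKED_PLATES))
```

A vehicle with a matching plate and arrival time but a driver ID missing from the out-of-band list is denied, which is the case the vehicle-cloning scenario depends on.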

This is a developing story. Loxam is expected to provide further updates as the forensic investigation into the third-party software vulnerability concludes.

Imthiyaz Ali
Imthiyaz is an experienced Cybersecurity Professional with over 5 years of experience in Cybersecurity Research.