AutoCanada is warning that worker knowledge might have been uncovered in an August cyberattack claimed by the Hunters Worldwide ransomware gang.
Though the agency says it has detected no fraud campaigns focusing on impacted people, it’s sending notifications to alert affected folks of potential dangers.
In mid-August, the automotive dealership firm disclosed that it needed to take particular inner IT techniques offline to include a cyberattack, resulting in operational disruptions.
Enterprise continued at AutoCanada’s 66 dealerships, however some customer support operations have been unavailable or impacted by delays.
Whereas the agency revealed no additional info or updates, the ransomware gang Hunters Worldwide claimed the assault with a publish on their extortion portal on September 17.
The risk actors revealed terabytes of knowledge allegedly stolen from AutoCanada, together with databases, NAS storage photos, executives’ info, monetary paperwork, and HR knowledge.
In response to the considerations about this knowledge leak, AutoCanada revealed an FAQ web page with extra details about the cyberattack that was uncovered throughout their investigation.
“Our investigation is ongoing, and encrypted server content material is being restored and analyzed as a part of our incident response,” mentions the FAQ web page.
“We’re at present working to find out the total scope of the information impacted by the incident, which can embody private info collected within the context of your employment with AutoCanada,”
Whereas AutoCanada says that knowledge “might” have been uncovered, a safety researcher informed BleepingComputer that the information leaked by the ransomware gang clearly incorporates worker knowledge.
The information that has been uncovered contains:
- Full title
- Deal with
- Date of start
- Payroll info, together with salaries and bonuses
- Social insurance coverage quantity
- Checking account quantity used for direct deposits
- Scans of government-issued identification paperwork
- Any private paperwork saved on a piece pc or drives tied to a piece pc
These impacted will obtain a three-year free-of-charge id theft safety and credit score monitoring protection via Equifax, with the enrollment deadline set to January 31, 2025.
Furthermore, the corporate says that impacted techniques have been remoted from the primary community, the encryption course of was disrupted, compromised accounts have been disabled, and all admin accounts had their passwords reset.
AutoCanada says that whereas it can’t give a 100% assure such a breach will not occur once more, it has taken measures to reduce the probabilities. These measures embody conducting thorough safety audits, implementing risk detection and response techniques, reevaluating safety insurance policies, and organizing cybersecurity coaching for its workers.
The corporate says its enterprise and associated operations proceed with minimal disruption however provided no estimates for full restoration.
In 2023, AutoCanada bought over 100,000 autos via its community, so if buyer knowledge is included within the compromised knowledge set, the incident might affect many individuals.
Nevertheless, there is no indication that Hunters Worldwide exfiltrated buyer knowledge.
BleepingComputer contacted AutoCanada to ask if they’ve any indication that buyer knowledge was breached, too, however we’re nonetheless ready for a remark.