Malware
AutoCanada Reveals Ransomware Attack Might Potentially Compromise Employee Data
AutoCanada, a Canadian car dealership group, has fallen victim to a ransomware attack potentially compromising employee data. The company has engaged cybersecurity experts to mitigate the attack and restore its systems while working with law enforcement agencies to investigate the incident. The extent of the data breach remains unknown.
Did you know AutoCanada recently experienced a cyberattack, which may have exposed employee data? The Hunters International ransomware gang claimed responsibility for the attack.
Although AutoCanada hasn’t detected any fraud campaigns targeting those affected, they’re sending notifications to warn people of potential risks. It’s always better to be safe than sorry!
What Happened?
In mid-August, AutoCanada disclosed that it had to take specific internal IT systems offline to contain a cyberattack, which caused operational disruptions. While business continued at all 66 dealerships, some customer service operations were unavailable or faced delays.
Interestingly, AutoCanada didn’t provide any updates on the situation. However, on September 17, the ransomware gang Hunters International claimed the attack and posted terabytes of data allegedly stolen from AutoCanada on their extortion portal.
This data included databases, NAS storage images, executive information, financial documents, and HR data. Naturally, this raised concerns among those who might have had their personal information compromised.
AutoCanada’s Response
AutoCanada published an FAQ page in response to the data leak concerns, providing more information about the cyberattack uncovered during their investigation.
As their investigation continues, AutoCanada is working to determine the full scope of the data impacted by the incident, which may include personal information collected in the context of employees’ work with the company.
While AutoCanada says the data “may” have been exposed, a security researcher told us that the leaked data by the ransomware gang does contain employee data. This exposed data includes:
- Full name
- Address
- Date of birth
- Payroll information, including salaries and bonuses
- Social insurance number
- Bank account number used for direct deposits
- Scans of government-issued identification documents
- Any personal documents stored on a work computer or drives tied to a work computer
To help those impacted, AutoCanada is offering three years of free identity theft protection and credit monitoring coverage through Equifax.
What’s Next?
AutoCanada assures that they’ve isolated the impacted systems, disrupted the encryption process, disabled compromised accounts, and reset all admin account passwords.
While they can’t guarantee a 100% breach-free future, they’re taking measures to minimize the chances. These measures include conducting security audits, implementing threat detection and response systems, reevaluating security policies, and organizing cybersecurity training for employees.
As of now, the company says its business operations continue with minimal disruption, but there’s no estimate for complete restoration.
In 2023, AutoCanada sold over 100,000 vehicles through its network. If customer data is included in the compromised dataset, many people could be impacted. However, there’s no indication that Hunters International exfiltrated customer data. We’ve reached out to AutoCanada for a comment on whether customer data was breached, but we’re still waiting for a response.
Stay Informed and Stay Safe
Cybersecurity is a significant concern for individuals and businesses alike. Don’t let yourself become a victim! Keep coming back to learn more about the latest threats and how to protect yourself from them. Remember, knowledge is power – and we’re here to empower you!