Swedish heavy vehicle manufacturer Scania has confirmed that threat actors successfully breached its insurance and financial services division.
A member of the Volkswagen Group, Scania is a major producer of large trucks, buses and heavy industrial vehicles and engines. It employs over 59,000 people worldwide, sells over 100,000 vehicles annually and has an annual revenue of US$20.5 billion.
Earlier this month, a threat actor going by “hensi” claimed responsibility for a cyber attack on the company URL “insurance[.]scania[.]com” and said they had exfiltrated data.
“Hi guys. We hacked new target and selling full attachment [sic] of [Scania insurance],” the threat actor wrote in a post spotted by Hackmanac.
“Full attached files is 34,000 and first time hacked + just will 1 hand sell.”
At the time of writing, the website listed is down, saying it has “been temporarily taken offline” and that there is “system maintenance in progress”.
However, speaking with BleepingComputer, Scania confirmed that threat actors had breached its network and exfiltrated data.
“We can confirm there has been a security-related incident in the application ‘insurance.scania.com’, the application is provided by an external IT partner,” a Scania spokesperson told BleepingComputer.
“On the 28th and 29th of May, a perpetrator used credentials for a legitimate external user to gain access to a system used for insurance purposes; our current assumption is that the credentials used by the perpetrator were leaked by a password stealer malware.”
“Using the compromised account, documents related to insurance claims were downloaded.”
Following the breach, the threat actor used an @proton.me email address to extort company employees directly and began publishing samples of the data.
“Early on the 30th (CEST), the attacker sent emails from proton.me to a number of Scania employees threatening to disclose the data.”
“A follow-up email with similar content came later from an unrelated [third] party whose email had been compromised. The data was later leaked by an actor named Hensi.”
While Cyber Daily has not observed the leaked data or samples, insurance documents typically contain large amounts of personal data, including names, phone numbers, email and physical addresses, and potentially even medical and financial information.
Scania has launched an investigation into the breach and has notified privacy authorities of the incident. The company added that the cyber attack’s impact was limited.
The company has since disabled the breached application.