The financial services division of German automaker BMW has suffered as a result of a third-party data breach.
BMW Financial Services has been caught up in the breach of Texas fintech firm AIS Infosource LP (AIS), which provides data analytics, technology and more to financial services firms.
According to a report by Oklahoma law firm Federman & Sherwood, the breach was first discovered on 17 February, and it was determined that access had occurred between 16 February and 21 February.
While details on the breach are sparse, a breach notification from AIS to clients seen by media says that the fintech firm launched an investigation after it detected suspicious activity on its network, which uncovered that unauthorised actors had breached its network and exfiltrated data.
AIS has revealed that potentially compromised data includes names, Social Security numbers and financial account numbers. The company also confirmed that 1,950 people were affected by the incident.
While it is unclear whether or not any BMW data was exfiltrated, AIS confirmed that the breach did not affect the systems or databases of BMW Financial Services.
Just last month, threat actors claimed a cyber attack on another German automaker, Volkswagen, claiming to have exfiltrated the personal and security data of customers and their vehicles.
Volkswagen Group is the second-largest car manufacturer in the world in sales, the largest in the world in revenue and the largest company in Europe. It owns brands such as Porsche, Audi, Bentley, Lamborghini, Cupra, SEAT, Škoda, and Volkswagen.
On 1 June 2025, the Stormous ransomware gang listed Volkswagen Group on its dark web leak site, claiming to have exfiltrated an unspecified amount of data.
According to the listing, the threat actors stole “user account data (partially hidden emails), authentication tokens (OAuth tokens, JWT tokens), login links for external systems”, session cookies, identity and access information, including phone numbers, emails, profile details, vehicle VIN numbers, and “authentication and access control details”.
Stormous now claims to have published Volkswagen Group’s data. It is unclear if the claim is legitimate.