Share this article on:
Australian vehicle dealership giant Eagers Automotive has announced that it suffered a systems outage as a result of a cyber attack.
The Australian company owns a number of car dealerships nationwide for brands including Audi, BMW, Bently, Ford, Mercedes-Benz, Nissan, Porsche, Subaru, Toyota, and more.
Signs that an incident had occurred first appeared when Eagers Automotive requested an ASX trading halt on 27 December 2023. The company has since cited an outage as the reason for the halt.
“The company has experienced a cyber incident resulting in an outage that is disrupting parts of the company’s operations across Australia and New Zealand,” said Eagers Automotive in a letter to the ASX titled “Response to Cyber Incident”.
“We apologise to our customers for any inconvenience.
“While the majority of our dealerships remain open and continue to trade, the extent of the operational impact of the outage is varied across our regions and business units.”
The company added that it has notified the Australian Cyber Security Centre and the New Zealand National Cyber Security Centre.
“External experts have been appointed to support our response, and an urgent investigation is underway,” Eagers Automotive said in another ASX release.
“The security and privacy of our customer and employee data is our highest priority.”
Eagers Automotive has said it has begun notifying some affected customers, but it did not reveal what data had been affected nor how many customers were affected.
“Based on investigations to date, the company is in the process of notifying a small number of individuals identified who may face serious risk of data misuse,” it said.
The attack has been claimed by the prolific LockBit 3.0 ransomware group, which listed the group on its dark web leak site on 30 December 2023.
LockBit claims Eagers Automotive.@troyhunt @Cyberknow20 https://t.co/D7gk7GaW9d pic.twitter.com/6JdhpWcdEX
— Dominic Alvieri (@AlvieriD) December 30, 2023
Additionally, while it is unknown whether negotiations between Eagers Automotive and the ransomware group have begun, LockBit has set a deadline of 19 January 2024 for the Australian company to pay before the data is leaked.