BIGFISH TECHNOLOGY LIMITED
26 September 2024

AutoCanada said the ransomware attack "may" affect employee data.

AutoCanada is warning that employee data could have been compromised in an August breach claimed by the Hunters International ransomware gang.

Although the company claims to have found no fraud efforts targeting affected individuals, it is issuing warnings to warn them of potential hazards.

In mid-August, the car dealership corporation announced that it had to take specific internal IT systems offline to combat a cyberattack, resulting in operational difficulties.

Business resumed at AutoCanada's 66 locations, but some customer service operations were either unavailable or delayed.

While the company provided no additional information or updates, the ransomware group Hunters International claimed the attack in a statement on their extortion page on September 17.

The threat actors released terabytes of material purportedly taken from AutoCanada, including databases, NAS storage images, executive information, financial documents, and HR data.

In response to concerns about the data leak, AutoCanada created a FAQ website with further information about the cyberattack discovered during their investigation.
"Our investigation is ongoing, and encrypted server content is being restored and analyzed as part of our incident response," according to the FAQ.

"We are currently working to determine the full scope of the data impacted by the incident, which may include personal information collected in the context of your employment with AutoCanada,"

While AutoCanada claims that data "may" have been compromised, a security researcher informed BleepingComputer that the data shared by the ransomware gang obviously includes employee information.

The information that has been disclosed includes:

  • Full Name
  • Address
  • Date of Birth
  • Payroll details, including salary and bonuses.
  • Social insurance number
  • Bank account number utilized for direct deposits.
  • Scans of government-issued ID documents
  • Any personal documents stored on a work computer or disks connected to a work computer.

 

Those affected will receive three years of free identity theft protection and credit monitoring coverage from Equifax, with an enrollment deadline of January 31, 2025.

Furthermore, the corporation claims that affected systems were isolated from the main network, the encryption process was halted, compromised accounts were terminated, and all admin accounts' passwords were reset.

AutoCanada claims that, while it cannot guarantee that such a breach would not occur again, it has taken steps to reduce the likelihood. These methods include completing rigorous security audits, deploying threat detection and response systems, reviewing security policies, and providing cybersecurity training for personnel.

The corporation claims that its business and related operations are continuing with minimal disruption, but no timeline for total restoration has been provided.

In 2023, AutoCanada sold over 100,000 vehicles through its network, thus if customer data is included in the hacked data set, the breach might have a large impact.

However, there is no evidence that Hunters International hacked client data.

BleepingComputer contacted AutoCanada to see if they had any evidence that client data had been compromised, but we are still waiting for a response.

 

Source: Bleeping Computer