Nissan Creative Box Inc. (Design Studio)
August 16, 2025
•[ ransomware, malware, automotive ]
Nissan Creative Box, a Tokyo-based Nissan design subsidiary, confirmed unauthorized access on August 16, 2025. Qilin ransomware claimed exfiltration of about 4 TB of sensitive intellectual property and design files, releasing samples as proof and threatening full disclosure. No encryption of systems has been reported.
Jan Nygaard AS, a major BMW & MINI dealership in Denmark
January 25, 2025
•[ ransomware, hack, malware ]
Den store BMW- og Mini-forhandler Jan Nygaard, der omstter for mere end to milliarder kroner, advarer efter Computerworlds afslring tirsdag morgen sine kunder om, at deres data kan vre blevet stjlet af ransomware-gruppe under hackerangreb for mere end tre uger siden.
Concession Peugeot
December 15, 2024
•[ ransomware, malware, retail ]
Cicada3301 ransomware group claims responsibility for a data breach targeting Concession Peugeot (concessions.peugeot.fr), a prominent French automotive dealership linked to the Peugeot brand. The group claims to have stolen 35GB of sensitive data
Avis
August 3, 2024
•[ leak, automotive ]
American car rental giant Avis notifies over 299,000 customers that unknown attackers breached one of its business applications last month and stole some of their personal information.
Advance Auto Parts
June 5, 2024
•[ leak, misconfiguration, automotive ]
In June 2024, Advance Auto Parts confirmed they had suffered a data breach which was posted for sale to a popular hacking forum. Linked to unauthorised access to Snowflake cloud services, the breach exposed a large number of records related to both customers and employees. In total, 79M unique email addresses were included in the breach, alongside names, phone numbers, addresses and further data attributes related to company employees.
ThyssenKrupp
February 23, 2024
•[ ransomware, malware, manufacturing ]
Steel giant ThyssenKrupp confirms that threat actors breached systems in its Automotive division, forcing them to shut down IT systems as part of its response and containment effort. Few days later the company confirms a ransomware attack.
Eagers Automotive
December 24, 2023
•[ ransomware, malware, automotive ]
Eagers Automotive, the largest operator of car dealerships in Australia and New Zealand, announces it suffered a cyberattack and was forced to halt trading on the stock exchange as it evaluates the impact of the incident. The Lockbit ransomware gang claims responsibility for the attack.
Van der Ven Auto's
August 18, 2023
•[ ransomware, malware, automotive ]
Van der Ven Auto's is listed in the Black Basta ransomware site.
K&K Glass
July 31, 2023
•[ hack, automotive ]
K&K Glass, part of Auto Glass Now, files a notice of data breach after discovering that an unauthorized party was able to access the company's IT network.
Gruppo Mercurio
June 2, 2023
•[ ransomware, malware, automotive ]
Gruppo Mercurio, an Italian vehicle transportation company, is hit with a LockBit 3.0 ransomware attack.
Jeff Wyler Automotive Family
May 27, 2023
•[ hack, automotive ]
Jeff Wyler Automotive Family (Jeff Wyler) files a notice of data breach after discovering that an unauthorized party was able to access its computer network.
Autotrader
January 6, 2023
•[ hack, misconfiguration, automotive ]
In January 2023, 1.4M records from the Autotrader online vehicle marketplace appeared on a popular hacking forum. Autotrader stated that the "data in question relates to aged listing data that was generally publicly available on our site at the time and open to automated collection methods". The data contained 20k unique email addresses alongside physical addresses and phone numbers of dealers and vehicle details including VIN numbers. The data was provided to HIBP by a source who requested it be attributed to "IntelBroker".
Feu Vert
December 6, 2022
•[ ransomware, malware, automotive ]
Vice Society encrypted and leaked data stolen from Feu Vert onto their dark web site
Automovil Club Argentino
December 1, 2022
•[ hack, automotive ]
Automovil Club Argentino posted a notice on its Facebook account that it suffered a network intrusion on December 1st.
UnitedAuto
November 25, 2022
•[ leak, automotive ]
LV adds UnitedAuto, a Mexican automotive company, to its leak site, claiming to have more than 2TB of stolen personal information.
Ethos Group
October 31, 2022
•[ leak, misconfiguration, automotive ]
Ethos Group announces that the company recently experienced a data breach impacting the security of consumer information stored on its computer systems.
Exist
September 16, 2022
•[ hack, ddos, automotive ]
IT Army of Ukraine claims to have conducted a DDoS attack campaign against four Russian online spare parts stores for foreign cars.
Ollex
July 19, 2022
•[ hack, ddos, automotive ]
NoName057(16) claims to have conducted a DDoS attack against the website of a Lithuanian company providing car rental services.
Sixt
April 28, 2022
•[ hack, automotive ]
Car rental giant Sixt is hit by a weekend cyberattack causing business disruptions at customer care centers and select branches.
Applus Technologies
March 30, 2021
•[ hack, malware, automotive ]
A malware attack on emissions testing company Applus Technologies prevents vehicle inspections in eight states, including Connecticut, Georgia, Idaho, Illinois, Massachusetts, Utah, and Wisconsin.
