Car dealership company Auto Canada warned that employee data might have been leaked in a ransomware attack claimed by the Hunters International ransomware group. In August 2024, the company suffered a company was hit by a cyber-attack. While Auto Canada hasn't reported any fraud campaigns directly impacting individuals, it has notified employees about the potential risks.
Earlier in August, the company was forced to shut down a few internal IT systems offline to limit a ransomware attack, which led to operational disruptions. Although the 66 dealerships continued business as usual, some customer service operations were disrupted causing delays.
Data Leaked?
Auto Canada didn't disclose any further information or updates, but the ransomware gang Hunters International claimed responsibility for the attack, posting the data on their portal.
The group leaked terabytes of data allegedly stolen from the car dealership- network storage images, confidential financial and HR documents, and databases. The released data includes employee records and executive details, sparking debates about the scale of the cyber-attack.
Auto Canada's Reply
Responding to the concerns, Auto Canada has published an FAQ page discussing about the cyber attack and details uncovered during the investigation. “Our investigation is ongoing, and encrypted server content is being restored and analyzed as part of our incident response.” says the FAQ page. “We are currently working to determine the full scope of the data impacted by the incident, which may include personal information collected in the context of your employment with AutoCanada.”
The allegedly leaked data includes name, date of birth, address, social insurance number, payroll details, bank account info, and scans of government-issued I'd documents.
What Happens to Affected People?
For impacted individuals, Auto Canada has offered a three-year free-of-cost Identity theft protection and credit monitoring coverage via Equifax, the enrollment deadline is valid until January 31, 2025. Auto Car says the compromised systems were separated from the main network, compromised accounts were taken down, the encryption process was shut down, and resetting of all admin account passwords.
Despite the implemented measures, Auto Car can't provide a 100% guarantee of such incidents happening in the future. While the company acknowledges the attack, it has taken a few measures to prevent future incidents:
- Conducting cybersecurity training for employees
- Reviewing security policies
- Implementing threat detection and incident response programs
- Conducting regular security audits