AutoCanada is warning that employee data may have been exposed in an August cyberattack claimed by the Hunters International ransomware gang.
Although the firm says it has detected no fraud campaigns targeting impacted individuals, it is sending notifications to alert affected people of potential risks.
In mid-August, the car dealership company disclosed that it had to take specific internal IT systems offline to contain a cyberattack, leading to operational disruptions.
Business continued at AutoCanada’s 66 dealerships, but some customer service operations were unavailable or impacted by delays.
While the firm published no further information or updates, the ransomware gang Hunters International claimed the attack with a post on their extortion portal on September 17.
The threat actors published terabytes of data allegedly stolen from AutoCanada, including databases, NAS storage images, executives’ information, financial documents, and HR data.
In response to the concerns about this data leak, AutoCanada published an FAQ page with more information about the cyberattack that was uncovered during their investigation.
“Our investigation is ongoing, and encrypted server content is being restored and analyzed as part of our incident response,” mentions the FAQ page.
“We are currently working to determine the full scope of the data impacted by the incident, which may include personal information collected in the context of your employment with AutoCanada,”
While AutoCanada says that data “may” have been exposed, a security researcher told BleepingComputer that the data leaked by the ransomware gang clearly contains employee data.
The data that has been exposed includes:
- Full name
- Address
- Date of birth
- Payroll information, including salaries and bonuses
- Social insurance number
- Bank account number used for direct deposits
- Scans of government-issued identification documents
- Any personal documents stored on a work computer or drives tied to a work computer
Those impacted will receive a three-year free-of-charge identity theft protection and credit monitoring coverage through Equifax, with the enrollment deadline set to January 31, 2025.
Moreover, the company says that impacted systems were isolated from the main network, the encryption process was disrupted, compromised accounts were disabled, and all admin accounts had their passwords reset.
AutoCanada says that while it cannot give a 100% guarantee such a breach won’t happen…
Click Here to Read the Full Original Article at BleepingComputer…