A member of a leading global manufacturer of heavy trucks, buses, and industrial engines, has confirmed it was recently targeted in a cyberattack.
Earlier this month, a threat actor claimed responsibility for breaching the company’s URL, asserting they had stolen and were selling data obtained from the attack. “Hi guys. We hacked new target and selling full attachment” the post read, as reported. “Full attached files is 34,000 and first time hacked + just will 1 hand sell,” the actor added.
As of this writing, the website in question is offline, displaying a message that it has been “temporarily taken offline” due to “system maintenance in progress.”
A spokesperson confirmed that the company had experienced a “security-related incident” involving the application insurance url, which was developed and managed by an external IT service provider.
The breach took place on May 28 and 29, when an unauthorized party accessed the insurance application using credentials belonging to a legitimate external user. The company’s initial assessment suggests that these credentials were exposed via password-stealing malware.
Using the compromised account, the threat actor downloaded documents related to insurance claims. Following the breach, the attacker reportedly used an encrypted email service to email employees directly, threatening to disclose the stolen data. A second email with a similar message was sent later from a separate email account that had also been compromised. Ultimately, the data was leaked by a threat actor.
In response, the company has launched a formal investigation, alerted relevant privacy authorities, and disabled the compromised application. The company has stated that the overall impact of the cyberattack appears to be limited.