In August, AutoCanada experienced a ransomware attack that may have compromised sensitive employee data. The incident, later claimed by the Hunters International ransomware gang, has raised concerns about potential data breaches within the company. While the company has not reported any fraud campaigns directly targeting affected individuals, it is taking precautionary measures by notifying employees about the risks.
The car dealership group was forced to take some internal IT systems offline to contain the cyberattack, which led to disruptions in certain services. While its 66 dealerships continued business operations, customer service departments experienced delays.
On September 17, the ransomware gang published a post on its extortion portal, claiming responsibility for the attack. They also released several terabytes of data allegedly stolen from AutoCanada, including databases, network storage images, and confidential financial and HR documents. Among the leaked information were executive details and employee records, prompting further concerns about the scope of the breach.
AutoCanada confirmed that its investigation is still ongoing and that it is in the process of restoring and analysing the encrypted server content.
The data possibly exposed in the attack includes full names, home addresses, dates of birth, payroll details, social insurance numbers, bank account information, and scans of government-issued identification. Personal documents stored on work computers were also potentially affected.
AutoCanada has implemented a specific program to give identity theft protection and credit monitoring to anybody affected by the hack. The attack resulted in the disabling of compromised accounts, the interruption of the encryption process, and the isolation of impacted systems from the main network. As a precaution, the passwords for all administrative accounts were also changed.
Despite the steps taken, AutoCanada acknowledges that it cannot guarantee that future breaches will not occur. However, the company has increased its security efforts by conducting thorough audits, enhancing its threat detection and response systems, reviewing security policies, and organising cybersecurity training for employees.
Although the company has not publicly disclosed if customer data was compromised, there is no evidence from the ransomware gang that suggests customer information was exfiltrated. Security experts remain vigilant as investigations continue, and while business operations have largely resumed, the full extent of the breach is still being determined.
AutoCanada has committed to minimising any future risks and is focused on restoring its services while safeguarding both employee and customer data.