Scania Confirms Cyber Attack on Insurance Division
Swedish heavy vehicle manufacturer Scania has acknowledged that cybercriminals have successfully infiltrated its insurance and financial services division.
As a part of the Volkswagen Group, Scania is a well-known manufacturer of large trucks, buses, and industrial vehicles. The company employs over 59,000 staff globally, sells more than 100,000 vehicles each year, and generates an annual revenue of approximately $20.5 billion.
This month, an individual identified as “hensi” claimed to have conducted a cyber attack on Scania’s insurance domain, “insurance[.]scania[.]com,” asserting that they have stolen data.
“Hello everyone. We’ve targeted and hacked Scania, and we’re selling the full attachment of their insurance data,” the hacker announced in a message that was noticed by Hackmanac.
According to the hacker, “The full attached files come to 34,000, and this is the first time we have hacked it; a one-time sale is available.” The website in question is currently down, with a message indicating that it has “been temporarily taken offline” for “system maintenance.”
In a conversation with BleepingComputer, Scania confirmed the breach and revealed that data had been exfiltrated. A Scania spokesperson stated, “We can confirm a security incident occurred in the ‘insurance.scania.com’ application, which is managed by an external IT partner.”
The spokesperson elaborated that on May 28 and 29, a perpetrator accessed the insurance system using credentials belonging to a legitimate external user, which were likely obtained through password-stealing malware. Sensitive documents related to insurance claims were downloaded using the compromised account. Following the breach, the hacker used a proton.me email address to extort Scania employees directly and began releasing samples of the stolen data.
“Early on May 30 (CEST), the attacker sent emails threatening to release the data to several Scania employees,” the spokesperson explained. A follow-up email was sent from an unrelated compromised account. The leaked data was then disseminated by the individual known as Hensi. Although Cyber Daily has not verified the leaked data, such documents usually contain a wealth of personal information, including names, contact details, and potentially medical and financial data.
Scania has initiated an investigation into the incident and has informed privacy authorities. The company stated that the impact of the cyber attack was limited, and the compromised application has been disabled.