Dealership software company Motility Software Solutions is notifying over 766,000 people that their personal information was compromised in a ransomware attack.
A provider of software for recreational vehicle and power sport dealers, Motility discovered the incident on August 19, after hackers accessed servers that support the company’s business operations.
The attackers, the company says, deployed file-encrypting ransomware on its systems, but also stole files containing customers’ personal information.
The affected data, it says, includes names, addresses, phone numbers, email addresses, dates of birth, Social Security numbers, and driver’s license numbers.
“At this time, we have no evidence of actual misuse of the information; nevertheless, we are issuing this notice so that you can take appropriate steps to safeguard your information,” Motility writes in the notification letter sent to the affected individuals.
The data breach was initially disclosed by Motility’s parent company Reynolds and Reynolds on September 12, and this week the dealership software provider notified the Maine Attorney General’s Office that 766,670 people were affected.
The company is providing the impacted individuals with 12 months of free identity theft, credit monitoring, and fraud consultation services.
Motility says it has fully restored its systems from clean backups and implemented additional security tools and measures, but did not say which ransomware group was responsible for the incident.
Last week, however, the Pear ransomware gang listed Reynolds and Reynolds on its Tor-based leak site, claiming the theft of 4.3 terabytes of data.
Given that Reynolds and Reynolds previously said that its systems and network were not affected by the Motility incident, it is likely that the data Pear allegedly stole came from the subsidiary. The cybercrime group has made the data available for download, which suggests that no ransom was paid.
SecurityWeek has emailed Reynolds and Reynolds for clarification on Pear’s claims and will update this article if the company responds.
Related: 1.5 Million Impacted by Allianz Life Data Breach
Related: VerifTools Fake ID Operation Dismantled by Law Enforcement
Related: Mainline Health, Select Medical Each Disclose Data Breaches Impacting 100,000 People
Related: Canadian Airline WestJet Says Hackers Stole Customer Data
