ASX-listed motorcycle distributor MotorCycle Holdings has disclosed a data breach affecting customers of two of its brands.
The company announced to the Australian Securities Exchange [pdf] that a threat actor “unlawfully gained access to a third-party hosted web server” that hosted websites for the Sherco and Lambretta brands.
Malicious code was inserted into the websites, the company said, which “may have resulted in the exposure of some customer personal information, including names, addresses, email addresses and phone numbers.”
The attacker also gained access to a server “which stored customer responses to webforms from the Websites.”
The company is notifying customers affected by the breach, it said.
“There has been no compromise of any other [company] platforms identified at this stage and the data breach has had no impact on the company’s ongoing operations.”
Because a third party hosted the sites, the company said its internal network is unaffected by the breach.
Sherco and Lambretta were part of the distribution business of Mojo Motorcycles, which MotorCycle Holdings acquired in 2022.
The company has a 5000 square metre distribution centre in Altona North in Victoria, and a 2500 square metre facility in Yatala in Queensland.