AutoCanada says ransomware attack “may” impact employee data


AutoCanada is warning that employee data may have been exposed in an August cyberattack claimed by the Hunters International ransomware gang.

Although the firm says it has detected no fraud campaigns targeting impacted individuals, it is sending notifications to alert affected people of potential risks.

In mid-August, the car dealership company disclosed that it had to take specific internal IT systems offline to contain a cyberattack, leading to operational disruptions.

Business continued at AutoCanada’s 66 dealerships, but some customer service operations were unavailable or impacted by delays.

While the firm published no further information or updates, the ransomware gang Hunters International claimed the attack with a post on their extortion portal on September 17.

The threat actors published terabytes of data allegedly stolen from AutoCanada, including databases, NAS storage images, executives’ information, financial documents, and HR data.

In response to the concerns about this data leak, AutoCanada published an FAQ page with more information about the cyberattack that was uncovered during their investigation.

“Our investigation is ongoing, and encrypted server content is being restored and analyzed as part of our incident response,” mentions the FAQ page.

“We are currently working to determine the full scope of the data impacted by the incident, which may include personal information collected in the context of your employment with AutoCanada.”

While AutoCanada says that data “may” have been exposed, a security researcher told BleepingComputer that the data leaked by the ransomware gang clearly contains employee data.

The data that has been exposed includes:

  • Full name
  • Address
  • Date of birth
  • Payroll information, including salaries and bonuses
  • Social insurance number
  • Bank account number used for direct deposits
  • Scans of government-issued identification documents
  • Any personal documents stored on a work computer or drives tied to a work computer

Those impacted will receive three years of free identity theft protection and credit monitoring coverage through Equifax, with the enrollment deadline set for January 31, 2025.

Moreover, the company says that impacted systems were isolated from the main network, the encryption process was disrupted, compromised accounts were disabled, and all admin accounts had their passwords reset.

AutoCanada says that while it cannot give a 100% guarantee such a breach won’t happen again, it has taken measures to minimize the chances. These measures include conducting thorough security audits, implementing threat detection and response systems, reevaluating security policies, and organizing cybersecurity training for its employees.

The company says its business and related operations continue with minimal disruption but offered no estimates for complete restoration.

In 2023, AutoCanada sold over 100,000 vehicles through its network, so if customer data is included in the compromised data set, the incident may impact many people.

However, there’s no indication that Hunters International exfiltrated customer data.

BleepingComputer contacted AutoCanada to ask if they have any indication that customer data was breached, too, but we are still waiting for a comment.


