A ransomware attack at Motility Software Solutions, a provider of dealer management software (DMS), has exposed the sensitive data of 766,000 customers.
Motility (formerly known as Systems 2000/Sys2K) is a provider of DMS software used by 7,000 dealerships (automotive, powersports, marine, heavy-duty, and RV retail) across the United States.
Its products cover customer relationship management (CRM), inventory management, sales, accounting, financials, service operations, rental and fleet tracking, as well as mobile or web access to control dashboards.
According to a notification shared with the Office of the Maine Attorney General, Motility suffered cyberattack on August 19, where hackers encrypted some of their systems after stealing files containing personal data.
“On or about August 19, 2025, we detected unusual activity within certain computer servers that support our business operations,” reads the notification sent to impacted individuals.
“An investigation determined that an unauthorized actor deployed malware that encrypted a portion of our systems.”
The company says that the malware restricted access to internal data and forensic evidence indicates that the attacker “may have removed limited files containing customers’ personal data.”
The data types exposed vary per individual, and may contain the following items:
- Full name
- Portal address
- Email address
- Telephone number
- Date of birth
- Social Security number (SSN)
- Driver’s license number
The company conducted a thorough investigation, implemented additional security measures, and restored impacted systems from backups.
It is unclear if Motility engaged with the threat actors but the company established dark web monitoring systems to detect if the stolen data emerges on undergound forums.
Motility underlines that it has no evidence that the stolen information has been misused yet, but urges impacted individuals to take protective actions and increase their vigilance.
On that front, the company provides a year of free identity monitoring services through LifeLock, giving notification recipients until December 19 to enroll using a unique activation code.
Impacted individuals are also recommended to closely monitor their credit reports and consider placing fraud alerts and a credit freeze on their files.
At the time of writing, no ransomware group has claimed responsibility for the attack at Motility.
Join the Breach and Attack Simulation Summit and experience the future of security validation. Hear from top experts and see how AI-powered BAS is transforming breach and attack simulation.
Don’t miss the event that will shape the future of your security strategy