Hackers Claim Breach of Scania Financial Services, Leak Sensitive Data
A significant data breach has rocked Sweden’s Scania Financial Services, as a threat actor operating under the alias “hensi” claims to have infiltrated the subdomain insurance.scania.com, exfiltrating a trove of sensitive files and offering them for sale on underground forums.
The incident, first detected in mid-June 2025, has raised concerns across the automotive and financial sectors, given Scania’s prominent role in the European commercial vehicle market.
Details of the Breach
According to cybersecurity researchers and multiple news outlets, the threat actor “hensi” announced the breach on a well-known, invite-only hacker forum, stating this was a first-time intrusion into Scania’s insurance platform.
The actor claims to have obtained a full set of files—reportedly 34,000 in total—and posted several sample images as proof, offering the entire cache to a single buyer.
Scania, a major Swedish manufacturer of trucks, buses, and engines, confirmed the breach occurred on May 28, 2025, when attackers exploited credentials belonging to an external IT partner.
The compromised credentials, believed to have been stolen using infostealer malware, allowed the perpetrator to access and download documents related to insurance claims.
While the full scope of the exposed information remains under investigation, the stolen files are believed to contain insurance claim documents, which typically include personal, financial, and potentially medical data of customers and partners.
This raises the risk of identity theft, financial fraud, and privacy violations for affected individuals and companies.
The breach was quickly followed by an extortion attempt, with the attacker contacting Scania employees via email and threatening to leak the data unless demands were met.
When negotiations failed, sample data was published on hacker forums, further confirming the authenticity of the breach.
Scania responded by taking the compromised application offline and launching a comprehensive investigation in collaboration with cybersecurity experts and privacy authorities.
The company emphasized that the breach was limited to the insurance application and that it is working to assess the full impact and notify affected parties as required by law.
A spokesperson for Scania stated, “We can confirm there has been a security-related incident in the application ‘insurance.scania.com’, provided by an external IT partner.
The application is no longer reachable online, and we have notified relevant authorities.”
This incident highlights the growing threat posed by cybercriminals targeting the insurance and automotive sectors, where large volumes of sensitive data are stored and processed.
Experts warn that social engineering and credential theft remain among the most effective tactics for breaching corporate defenses, underscoring the need for robust security protocols and employee training.
As investigations continue, Scania urges all customers and partners to remain vigilant for potential phishing attempts and to report any suspicious activity immediately.