Automotive

Who:

• Hertz (car rental company)

• Cleo Communications (file transfer vendor)

• Possible link to Clop ransomware gang (Russia-affiliated)

What:

A cyberattack exploiting zero-day vulnerabilities in Cleo’s platform led to unauthorized access to Hertz customer data between October–December 2024.

Exposed data includes:

• Names, contact details, and dates of birth

• Credit card and driver’s license information

• Some Social Security and passport numbers

• Workers' compensation claim data

Impact:

• Global exposure: Breach notices issued in the U.S., Canada, EU, UK, and Australia

• Unknown scope: Number of affected customers not yet confirmed

• No current evidence of fraudulent use, but sensitive data is at risk

• Cleo vulnerabilities have been patched, and authorities have been notified

Action Needed:

• Monitor for fraud and identity theft

• Review vendor security practices

• Implement stronger third-party risk management policies

Read the full article HERE

Who: Kia, security researchers, and multiple affected car manufacturers (including Honda, Hyundai, Toyota, Acura, and others).

What: Researchers discovered a security flaw in Kia's web portal that allowed unauthorized access to the internet-connected features of millions of vehicles, enabling hackers to track cars, unlock doors, and start engines.

Impact: The vulnerability posed significant risks, including potential theft of vehicles and personal data, as well as privacy and safety concerns for drivers. While Kia has since patched the flaw, the incident highlights broader security issues across the automotive industry, with multiple manufacturers facing similar vulnerabilities.

Read the full article HERE

Who:

• Victim: Toyota Motor North America (via a third-party entity)

• Perpetrators: A threat actor named ZeroSevenGroup

What:

• Incident: A third-party data breach exposed 240GB of Toyota employee and customer data, including contacts, financial details, and network infrastructure information. The threat actor leaked the stolen data on a hacking forum, claiming it included sensitive credentials and other critical information.

• Toyota's Response: Toyota confirmed the breach, clarified that its internal systems were not compromised, and is working with affected individuals, though details about the breach and the third-party entity involved remain undisclosed.

Impact:

• Data Exposure: The breach affects a significant amount of sensitive data, with potential implications for Toyota employees, customers, and the company's security posture.

• Ongoing Risks: The exposure of network infrastructure information and credentials poses ongoing security risks for Toyota and its partners. The breach also adds to a series of recent security incidents impacting the company, raising concerns about data protection practices.

Read the full article HERE

Who:

• CDK Global, a software provider for car dealerships.

• Up to 15,000 car dealerships, including major chains like Asbury, AutoNation, Group 1, Lithia, and Sonic.

What:

• CDK Global reportedly paid a $25 million ransom in Bitcoin after a ransomware attack.

• The attack led to a two-week outage of CDK’s software platform, severely disrupting operations for car dealerships across the U.S.

• The ransomware group BlackSuit is suspected to be behind the attack.

Impact:

• Financial Loss: The attack cost CDK $25 million in ransom and caused an estimated $600 million in damages to dealerships during the first two weeks of the shutdown.

• Operational Disruptions: The outage halted sales and registrations, affecting the entire car dealership network reliant on CDK’s software.

• Recovery Efforts: CDK took several days to restore services, likely using backups and information from decrypted systems. Some systems and third-party applications remain offline.

• Industry-Wide Repercussions: The incident impacted the reputation and customer relations of affected dealerships, with ongoing legal and operational ramifications.

• Trend in Ransomware Attacks: The attack on CDK is part of a broader trend, with ransomware incidents increasing but fewer victims choosing to pay ransoms.

Read the full article HERE

Who:

• CDK Global is a provider of dealer management (DMS) software for auto dealerships across the U.S.

• Approximately 15,000 car dealerships that rely on CDK's software.

What:

• CDK Global experienced a series of cyberattacks starting Tuesday evening, leading to a prolonged system outage.

• The cyberattacks disrupted CDK's dealer management software, which is critical for sales, payroll, inventory, customer relations, and office operations.

Impact:

• Operational Disruption: The outage has severely impacted the daily operations of roughly 15,000 car dealerships. Employees have resorted to manual processes, but most transactions, especially vehicle sales, have stalled.

• Customer Service: Dealerships are unable to process sales and other services efficiently, affecting customer satisfaction and business operations.

• Phishing Threats: Bad actors are exploiting the situation by posing as CDK support staff to conduct phishing attacks.

• Duration: CDK has not provided a clear timeline for resolution, but the outage is expected to last several days.

• Financial and Reputational Damage: The disruption may lead to significant financial losses for the dealerships and damage CDK Global’s reputation, despite its touted cybersecurity capabilities.

Response:

• Investigation and Mitigation: CDK Global is investigating the incident with the help of third-party experts and working to restore services.

• Customer Communication: CDK is providing regular updates to customers, though the exact timeline for full-service restoration remains uncertain.

• Security Warnings: CDK has warned customers about phishing attacks and urged them to be cautious about unsolicited communications.

Read the full article HERE