Automotive giant Scania confirmed it suffered a cybersecurity incident in which threat actors used compromised credentials to breach its Financial Services systems and steal insurance claim documents.
Scania told BleepingComputer that the attackers emailed several Scania employees, threatening to leak the data online unless their demands were met.
Scania is a major Swedish manufacturer of heavy trucks, buses, and industrial and marine engines and is a member of the Volkswagen Group.
The company, which is known for its durable fuel-efficient engines, employs over 59,000 people and has an annual revenue of $20.5 billion, selling over 100,000 vehicles annually.
Late last week, threat monitoring platform Hackmanac spotted a hacking forum post by a threat actor named ‘hensi,’ who’s selling data they claimed to have stolen from ‘insurance.scania.com,’ offering it to a single exclusive buyer.

Source: @H4ckmanac | X
Scania confirmed the breach to BleepingComputer, stating that their systems were breached on May 28, 2025, using an external IT partner’s credentials stolen by infostealer malware.
“We can confirm there was a security related incident in the application “insurance.scania.com”, the application is provided by an external IT partner,” stated a Scania spokesperson.
“On the 28th and 29th of May, a perpetrator used credentials for a legitimate external user to gain access to a system used for insurance purposes; our current assumption is that the credentials used by the perpetrator were leaked by a password stealer malware.”
“Using the compromised account, documents related to insurance claims were downloaded.”
Insurance claim documents are likely to contain personal and possibly sensitive financial or medical data, so the incident could have a significant impact on those affected. Currently, the number of exposed individuals remains undefined.
The breach was followed by an extortion phase in which the attackers contacted Scania employees directly using a @proton.me email address to extort the company, following up with the publication of samples of the stolen data on hacking forums.
“Early on the 30th (CEST) the attacker sent emails from proton.me to a number of Scania employees threatening to disclose the data.”
“A follow-up email with similar content came later from an unrelated third party whose email had been compromised. The data was later leaked by an actor named Hensi.”
The compromised application is no longer reachable online, and an investigation into the incident has been launched.
Meanwhile, Scania told BleepingComputer that the breach had limited impact and that it notified privacy authorities regarding the incident.