Repairer Driven News
« Back « PREV Article  |  NEXT Article »

AutoCanada notifies employees of possible data exposure after cyberattack

By on
Announcements | Insurance | International | Technology
Share This:

Employees of AutoCanada could have data exposed following a cyber attack that is claimed by the Hunters International ransomware gang, according to Bleeping Computer

AutoCanada is sent alerts to affected people in the attack last week, the article says. It says the company also claims it is unaware of any attempts to target impacted individuals. 

The company announced Aug. 13 that it had identified a cybersecurity incident on Aug. 11 that impacted its internal IT systems, according to a press release. 

It said the company took immediate action to safeguard its network and data. This included engaging with cybersecurity experts to assist with containment and remediation efforts, according to the release. 

In the August release, the company said an investigation was ongoing. It said the extent of customer, supplier or employee data access was unknown. 

Bleeping Computer reports that business continued at the company’s 66 dealerships with some customer service operations unavailable or delayed. 

The ransomware gang Hunters International claimed the attack with a post on their portal in September, the article says. It says the group published terabytes of data allegedly stolen including NAS storage images, executives’ information, financial documents and HR data. 

AutoCanada created a FAQ page after Hunters International post, according to the article. However, the page didn’t appear to be working Thursday. 

“While AutoCanada says that data “may” have been exposed, a security researcher told BleepingComputer that the data leaked by the ransomware gang clearly contains employee data,” the article says. 

According to the article, data that has been exposed incudes: name, address, date of birth, payroll information, social insurance number, bank account number used for direct deposit, scans of identification documents and any other personal information stored on work computers or drives. 

Those impacted will receive free theft protection and monitoring from Equifax for three years, Bleeping Computer says. 

A CDK ransomware attack impacted more than 15,000 dealerships through late June to early July. The company’s system was down for nearly two weeks. A series of class action lawsuits have been filed by dealerships and collision centers following the cyberattack. 

Cyber threat is the top concern among businesses this year, according to a 2024 Travelers Risk Index recently released by The Travelers Companies Inc

A record number of participants (62%) ranked cyber risks as their greatest concern, a news release about the report says. It was followed by increasing employee benefits costs (59%), broad economic uncertainty (59%) and the ability to attract talent (54%). 

“The findings speak to the business community’s greater awareness of cyber threats and the catastrophic damage, both operational and financial, a cyberattack can have on a company,” said Tim Francis, Enterprise cyber lead at Travelers in the release. “What’s troubling is that while more businesses are securing cyber insurance as a tool to mitigate vulnerabilities, many still elect not to – despite knowing the risks.”

The release says more than 30% of more than 1,200 respondents said they don’t have cyber security insurance.  The number of businesses who said they had a policy was up 5% from last year at 65%. It is also considerably higher than the 39% reported in 2018. 

“The year-over-year increase was seen across businesses of all sizes: small businesses jumped to 41% from 34%; mid-sized companies increased to 77% from 74%; and large businesses rose to 78% from 72%,” the release says. 

About 24% of companies reported that they had experienced a cyber incident, the release says. That is up from 23% in 2022. 

“This is the eighth time in nine years that the percentage of respondents who said their company has suffered a data breach or cyber event increased from the previous year,” the release says. 

Respondents said they are most concerned (57%) of someone accessing unauthorized financial accounts or control systems. Other concerns were Ransomware (54%), employees putting information or systems at risk through unsafe practices (53%) and system glitches (53%). 

A Collision Industry Conference Panel “Industry PSA: Data and Cyber Protections, Impacts to Business” will discuss real-world best practices, business insurance implications and impacts regarding data security and controls during a Nov. 5 meeting in Las Vegas. 

Trent Tinsley, a panelist and Entegral assistant vice president sales operations and business development, said Thursday the panel will discuss how a cyber security event could have on a shop’s reputation and business. It also will focus on recommended mitigation best practices and commercial insurance considerations. 

He said the panel will discuss some of the below mitigation practices shops should consider are: 

Data Retention & Destruction

    • Paper files
    • Records on PCs/laptops/servers
    • Automatic purge timelines

Access Controls

    • Password sharing
    • Password access
    • ‘Privileged Access’
    • Access Removal

Facilities

    • Separate WiFi networks for guests & employees
    • Third-party IT assessment companies
    • Facility coverage reviews

Training & Awareness

    • Online trainings (such as AMi)
    • Best Practices Enforced
    • Risk Reviews

IMAGES

Photo courtesy of Just_Super/iStock 

Share This: