Stolen Credentials Used to Access External Insurance Platform
Swedish vehicle manufacturer Scania has reported a cybersecurity breach impacting its Financial Services division. The attackers used stolen login credentials to access an external insurance platform hosted by a third-party IT provider. The compromised site, insurance.scania.com, has since been taken offline.
The breach occurred between May 28 and 29, when the intruder used a legitimate external account to download documents containing insurance-related data. On May 30, Scania received an extortion message via ProtonMail, threatening to leak the stolen files unless demands were met.
A second extortion message was sent from another unrelated compromised email address. Shortly after, a user named “Hensi” published part of the stolen data on a hacking forum and listed the rest for sale.
Scania’s Response and Ongoing Investigation
Scania responded immediately by launching an internal investigation and notifying the appropriate data protection authorities. While the full scope remains under review, the company described the breach’s impact as limited.
The leaked data includes sensitive insurance documents that may contain personal and financial information. However, Scania has not yet confirmed how many individuals were affected.
Scania, part of the Volkswagen Group, employs over 59,000 people and generates more than $20 billion annually. Eye World continues to track the growing trend of credential-based attacks across the automotive and manufacturing sectors.
0 responses to “Cyberattack on Scania Financial Services Involves Data Theft, Extortion”