Automotive large Scania confirmed it suffered a cybersecurity incident the place menace actors used compromised credentials to breach its Monetary Companies methods and steal insurance coverage declare paperwork.
Scania advised BleepingComputer that the attackers emailed a number of Scania workers, threatening to leak the info on-line except their calls for had been met.
Scania is a significant Swedish producer of heavy vans, buses, and industrial and marine engines and is a member of the Volkswagen Group.
The corporate, which is understood for its sturdy fuel-efficient engines, employs over 59,000 folks and has an annual income of $20.5 billion, promoting over 100,000 autos yearly.
Late final week, menace monitoring platform Hackmanac noticed a hacking discussion board put up by a menace actor named ‘hensi,’ who’s promoting knowledge they claimed to have stolen from ‘insurance coverage.scania.com,’ providing it to a single unique purchaser.
Risk actor’s put up on underground boards
Supply: @H4ckmanac | X
Scania confirmed the breach to BleepingComputer, stating that their methods had been breached on Could 28, 2025, utilizing an exterior IT accomplice’s credentials stolen by infostealer malware.
“We are able to verify there was a safety associated incident within the utility “insurance coverage.scania.com”, the applying is offered by an exterior IT accomplice,” acknowledged a Scania spokesperson.
“On the twenty eighth and twenty ninth of Could, a perpetrator used credentials for a authentic exterior consumer to realize entry to a system used for insurance coverage functions; our present assumption is that the credentials utilized by the perpetrator had been leaked by a password stealer malware.”
“Utilizing the compromised account, paperwork associated to insurance coverage claims had been downloaded.”
Insurance coverage declare paperwork are more likely to comprise private and probably delicate monetary or medical knowledge, so the incident might have a big affect on these affected. Presently, the variety of uncovered people stays undefined.
The breach was adopted by an extortion part the place the attackers contacted Scania workers immediately utilizing a @proton.me e-mail tackle to extort the corporate, following up with the publication of samples of the stolen knowledge on hacking boards.
“Early on the thirtieth (CEST) the attacker despatched emails from proton.me to a variety of Scania workers threatening to reveal the info.”
“A follow-up e-mail with related content material got here later from an unrelated third occasion whose e-mail had been compromised. The information was later leaked by an actor named Hensi.”
The compromised utility is not reachable on-line, and an investigation into the incident has been launched.
In the meantime, Scania advised BleepingComputer that the breach had restricted affect and that it notified privateness authorities concerning the incident.
Patching used to imply complicated scripts, lengthy hours, and countless fireplace drills. Not anymore.
On this new information, Tines breaks down how trendy IT orgs are leveling up with automation. Patch quicker, cut back overhead, and concentrate on strategic work — no complicated scripts required.
