Automotive large Scania confirmed it suffered a cybersecurity incident the place risk actors used compromised credentials to breach its Monetary Providers programs and steal insurance coverage declare paperwork.
Scania instructed BleepingComputer that the attackers emailed a number of Scania workers, threatening to leak the info on-line except their calls for had been met.
Scania is a significant Swedish producer of heavy vans, buses, and industrial and marine engines and is a member of the Volkswagen Group.
The corporate, which is understood for its sturdy fuel-efficient engines, employs over 59,000 folks and has an annual income of $20.5 billion, promoting over 100,000 autos yearly.
Late final week, risk monitoring platform Hackmanac noticed a hacking discussion board publish by a risk actor named ‘hensi,’ who’s promoting information they claimed to have stolen from ‘insurance coverage.scania.com,’ providing it to a single unique purchaser.
Supply:Â @H4ckmanac | X
Scania confirmed the breach to BleepingComputer, stating that their programs had been breached on Might 28, 2025, utilizing an exterior IT accomplice’s credentials stolen by infostealer malware.
“We will verify there was a safety associated incident within the software “insurance coverage.scania.com”, the applying is offered by an exterior IT accomplice,” said a Scania spokesperson.
“On the twenty eighth and twenty ninth of Might, a perpetrator used credentials for a reputable exterior consumer to achieve entry to a system used for insurance coverage functions; our present assumption is that the credentials utilized by the perpetrator had been leaked by a password stealer malware.”
“Utilizing the compromised account, paperwork associated to insurance coverage claims had been downloaded.”
Insurance coverage declare paperwork are prone to include private and probably delicate monetary or medical information, so the incident may have a big affect on these affected. Presently, the variety of uncovered people stays undefined.
The breach was adopted by an extortion section the place the attackers contacted Scania workers straight utilizing a @proton.me e-mail handle to extort the corporate, following up with the publication of samples of the stolen information on hacking boards.
“Early on the thirtieth (CEST) the attacker despatched emails from proton.me to plenty of Scania workers threatening to reveal the info.”
“A follow-up e-mail with comparable content material got here later from an unrelated third celebration whose e-mail had been compromised. The information was later leaked by an actor named Hensi.”
The compromised software is not reachable on-line, and an investigation into the incident has been launched.
In the meantime, Scania instructed BleepingComputer that the breach had restricted affect and that it notified privateness authorities concerning the incident.
Patching used to imply advanced scripts, lengthy hours, and limitless fireplace drills. Not anymore.
On this new information, Tines breaks down how trendy IT orgs are leveling up with automation. Patch sooner, cut back overhead, and concentrate on strategic work — no advanced scripts required.
