LKQ Corporation, a major US-based provider of auto parts, informed the SEC late last week that a recent cyberattack caused disruptions at a Canadian business unit.
LKQ provides parts for repairing and accessorizing consumer cars and other vehicles. The company has 1,600 locations across two dozen countries, and a total of 45,000 employees.
In an 8-K filing with the SEC, the company revealed that it detected unauthorized access to IT systems at a single business unit in Canada on November 13.
The cyberattack caused disruptions at the impacted business unit for “a few weeks”, but the unit is now operating near full capacity and the threat is believed to have been contained.
“As of the date of this filing, we believe the impacts of the cyber incident are not, and are not reasonably likely to be, material to our financial condition or results of operations for the fiscal year,” LKQ said.
“We will be seeking reimbursement of costs, expenses, and losses stemming from the cyber incident by submitting claims to our cybersecurity insurers,” LKQ added.
It’s unclear whether the attack was conducted by a ransomware group. No known threat actors have taken credit for the LKQ cyberattack, but that does not completely rule out ransomware (companies that pay a ransom are not named on leak websites).
SecurityWeek has reached out to LKQ for more information and will update this article if the company responds.
Related: Unpatched Vulnerabilities Allow Hacking of Mazda Cars
Related: Millions of Kia Cars Were Vulnerable to Remote Hacking
Related: Car Dealerships in North America Revert to Pens and Paper After Cyberattacks on Software Provider
