Swedish truck giant Scania is investigating a cybersecurity incident after a hacker offered to sell data allegedly stolen from its systems.
Roughly one week ago, a hacker claimed to have breached the domain ‘insurance.scania.com’, allegedly stealing 34,000 files, which they had been offering to sell on a cybercrime forum.
Contacted by SecurityWeek, Scania confirmed that the ‘insurance’ subdomain on its website, which is associated with Scania Corporate Insurance services, was involved in a cybersecurity incident. However, the company pointed out that the site is operated by an external IT partner.
The impacted website has been taken offline as a result of the incident and is still down at the time of writing.
“Current indications suggest the impact is very limited,” a Scania spokesperson told SecurityWeek.
Scania told Bleeping Computer that the hacker gained access to the targeted website in late May using credentials previously stolen by information-stealer malware. The compromised credentials gave the attacker access to insurance claims.
Indeed, threat intelligence firm DarkEye reported seeing hundreds of leaked credentials associated with Scania on the dark web.
The hacker apparently attempted to extort the company before offering to sell the stolen information.
It’s unclear exactly what type of information has been compromised and how many individuals are impacted by the incident.
Scania manufactures heavy trucks and buses, as well as industrial and marine engines. The company has nearly 59,000 employees across more than 100 countries.
Related: 100 Car Dealerships Hit by Supply Chain Attack
Related: Subaru Starlink Vulnerability Exposed Cars to Remote Hacking
Related: Trucking Giant Says Ransomware Attack Had $7.5M Impact
