Hacker group claims major customer data theft from Harley-Davidson
American motorcycle manufacturer Harley-Davidson has reportedly suffered a cyber security incident that compromised the sensitive personal information of its customers.
Founded in 1903 and headquartered in Milwaukee, Wisconsin, Harley-Davidson is globally known for its premium motorcycles with iconic looks and powerful engines. While the company supplies its products globally, it concentrates more on markets in North America, China, Japan, Korea, Europe, Middle East and Latin America.
Recently, a threat actor going by the name “888” listed Harley-Davidson as a victim on its dark web channel. The hacker group claimed that it infiltrated the motorcycle manufacturers’ internal network and stole the personal information of its customers.
🚨Data Breach Alert ‼️
🇺🇸USA - Harley-Davidson
The threat actor known as "888" claims to have breached Harley-Davidson.
Allegedly, 66.7k rows of customer data were exfiltrated, including first name, last name, full name, address, city, state, zip code, email address, mobile… pic.twitter.com/QiEewPV7P6
According to a screenshot shared on X, 888 claims to be in possession of 66,700 sets of user data, including customers’ first names, last names, addresses, city, state, zip codes, email addresses, mobile numbers, home phone numbers, email preferences, SMS preferences, VIN, vehicle make, vehicle model, vehicle year, sale dates, warranty exp dates, last service dates, and more.
The group has already shared a link to download the stolen data on the dark web forum for interested parties, indicating that ransom payment negotiations with the motorcycle manufacturer may have failed.
Harley-Davidson is yet to issue a response with reference to the claims made by the threat actor. Also, it is not known how the threat actors infiltrated the company’s internal network, whether malware was deployed or the number of affected individuals.
Earlier this year, the same hacker group listed e-commerce giant Shopify as a victim on the dark web. The group claimed that it infiltrated the e-commerce giant’s internal network and was in possession of 173,873 sets of user data, including Shopify IDs, first names, last names, email addresses, mobile numbers, trader counts, total spent, email subscription, email subscription dates, SMS subscription, and SMS subscription dates.
To prove the authenticity of its claims, the group also leaked a portion of the stolen data and was willing to sell the entire database to a single buyer who contacted it via personal messages on the forum.
Most Viewed
New rules, rising threats: why lean IT teams must rethink cyber-securitySponsored by CORO CYBER SECURITY
Don’t allow AI experiments to become quiet business risksSponsored by alice.io
The Expert View: Reducing cyber-risk across OT and critical infrastructureSponsored by Claroty
The Expert View: Transforming security through risk intelligenceSponsored by Obrela
Winston House, 3rd Floor, Units 306-309, 2-4 Dollis Park, London, N3 1HF
23-29 Hendon Lane, London, N3 1RT
020 8349 4363
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543