Over 760,000 Affected in Major Security Breach at Motility Software

Management software provider Motility Software Solutions said a data security incident it suffered earlier compromised the sensitive personal data of more than 760,000 individuals.

 

Headquartered in Maitland, Florida, Motility Software Solutions provides software solutions to automotive dealerships to track repairs and manage vehicles. 

 

In a data security incident notice submitted to the Office of the Maine Attorney General, Motility said that on August 19, it identified unauthorised activity within its internal network. The software solution provider immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“An investigation determined that an unauthorised actor deployed malware that encrypted a portion of our systems. Although the malware primarily restricted our access to internal data, the forensic evidence suggests that, before encryption, the actor may have removed limited files containing customers’ personal data,” Motility said.

 

The compromised data included names, addresses, email addresses, phone numbers, dates of birth, social security numbers, and driver’s license numbers. The filing with the Maine state regulator’s office also states that Motility has identified 766,670 individuals affected by the incident.

 

While the software provider found no evidence of the compromise data being misused, it has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general. 

 

It has also offered one year of complimentary identity protection and credit monitoring services through Norton LifeLock to all affected individuals.

 

 

 

Motility announced its data security incident after the Pear ransomware group claimed responsibility for a cyber attack on its parent company, Reynolds and Reynolds listing it as a victim on its data leak site. The group said it had obtained 4.3 TB of confidential data from Reynolds and Reynolds including personal records, financial data, various databases and threatened to release the entire database unless its ransom demands are met.

 

It’s unclear whether the company paid a ransom, how much Pear demanded, or how attackers breached Motility’s network.