Scania data breach exposes confidential information from Financial Services Systems

Swedish automotive giant Scania said the data security incident it suffered recently compromised confidential data related to its Financial Services systems.

 

Scania, a major Swedish manufacturer of trucks, buses, and engines, is part of the Volkswagen Group. Scania Financial Services offers financial and risk management support, while Scania Insurance provides coverage for motor, fleet, goods in transit, liability, and legal expenses.

 

 

On June 12, a threat actor using the alias “hensi” claimed to have infiltrated Scania’s insurance domain and exfiltrated sensitive data. The actor uploaded 34,000 files, intending to sell them to a single buyer, and shared sample images of the stolen data to validate its claims.

 

While initially Scania did not share details of the data security incident, in a statement shared with BleepingComputer, a Scania spokesperson said that on May 28, threat actors used compromised credentials to breach its Financial Services systems and stole insurance claim documents.

 

We can confirm there has been a security related incident in the application “insurance.scania.com”, the application is provided by an external IT partner.

 

“On the 28th and 29th of May, a perpetrator used credentials for a legitimate external user to gain access to a system used for insurance purposes; our current assumption is that the credentials used by the perpetrator were leaked by a password stealer malware.

 

“Using the compromised account, documents related to insurance claims were downloaded,” a Scania spokesperson said.

 

The breach was followed by an extortion phase, where the attackers contacted Scania employees via a @proton.me email address to demand payment. They also published samples of the stolen data on hacking forums to pressure the company.

 

“Early on the 30th (CEST) the attacker sent emails from proton.me to a number of Scania employees threatening to disclose the data.

 

“A follow-up email with similar content came later from an unrelated 3rd party whose email had been compromised. The data was later leaked by an actor named Hensi,” the spokesperson added.

 

Scania has notified relevant law enforcement authorities about the incident and is working with them to resolve the same.