On June 13, 2023, ransomware group 8Base exposed evidence of a significant data breach targeting a large Midwestern automotive group. The ransomware group claims to have executed a successful campaign that resulted in the theft of 350 gigabytes of data, including 8,000 lines of customer and employee social security numbers, as well as other sensitive data including financial statements, driver’s licenses, and addresses.
8Base has been active since April 2022 and has already victimized a total of 67 organizations. The victims tend to be in the Professional/Scientific/Technical sector and are small to midsized companies. Additional information about 8Base can be found on Malwarebytes’ June 2023 Ransomware review[1].
This breach occurred just after the FTC Safeguards June 9, 2023 deadline[2]. This deadline mandates nonbanking financial institutions (including auto dealers) to implement measures to safeguard customer information. Despite the passing of the deadline, the FTC has not yet made any public statements, so it is not yet clear whether enforcement action is on the horizon.
According to 8Base, the automotive group was notified about the attack and is being given the opportunity to cooperate and protect its sensitive data until June 18, 2023. If the ransom is paid, 8Base alleges that they will not expose the breached data. If the ransom is not paid soon, 8Base plans to publicly release the victim’s data. Below, the full message posted on 8Base’s darkweb site provides more detailed information about the attack and their claims.
This incident serves as a reminder to the automotive industry that it is quickly becoming a prime target of ransomware groups because of the sensitive customer data that is maintained. Implementing best practice cyber security measures to protect customer data, especially measures that are in line with the FTC Safeguards requirements, are a critical step in lowering the risk of a data breach.
[1] https://www.malwarebytes.com/blog/threat-intelligence/2023/06/ransomware-review-june-2023
[2] https://www.ecfr.gov/current/title-16/chapter-I/subchapter-C/part-314
