- An external IT partner to Scania lost its login credentials through an infostealer
- The hackers used the password to access Scania and steal files
- They asked the company for money, and later offered the archive for sale
Swedish automotive manufacturer Scania has confirmed suffering a cyberattack which saw it lose sensitive customer data.
Security researchers Hackmanac found a new thread on a dark web forum, in which a database allegedly stolen from ‘insurance.scania.com’ was being offered for sale to an exclusive buyer for an unknown sum of money.
“hi guys. we hacked new target and selling full attachment of ‘insurance.scania.com’. Full attached files is 34,000 and first time hacked + just will 1 hand sell,” the ad, published in both English and Russian, reads. “few pic attached with remarks (for no one cant copy and scam people).”
Supply chain attack
After the thread was posted, Scania confirmed the authenticity of the claims, saying it was breached in late May 2025 as part of a supply chain attack which originated at an external IT partner.
“We can confirm there has been a security related incident in the application “insurance.scania.com”, the application is provided by an external IT partner,” a Scania spokesperson said.
“On the 28th and 29th of May, a perpetrator used credentials for a legitimate external user to gain access to a system used for insurance purposes; our current assumption is that the credentials used by the perpetrator were leaked by a password stealer malware.”
“Using the compromised account, documents related to insurance claims were downloaded.”
Although the company did not detail what information was found in the stolen files, it’s safe to assume that it is sensitive, possibly financial, or medical. The number of affected individuals is also unknown for now.
After stealing the archives, the threat actor tried to extort Scania for money, reaching out on multiple occasions and demanding a ransom. Since it ended up offering the database for sale on the dark web, we can assume that the company declined the generous offer.
Via BleepingComputer
