Eagers Automotive, Australia’s largest car dealer, has confirmed that some of its customer data has been published online by hackers who breached its IT system in late December 2023. The company said it was working with authorities and experts to contain the incident and protect its customers.
The cyberattack occurred on December 27, 2023, when hackers gained access to parts of Eagers Automotive’s IT system and disrupted its operations. The company, which operates over 200 car dealerships across Australia and New Zealand, said it immediately notified the relevant authorities and engaged external experts to investigate and respond to the incident.
Eagers Automotive also requested a trading halt on the Australian Securities Exchange (ASX) on December 29, 2023, pending an update on the impact of the cyberattack. The company resumed trading on January 3, 2024, after providing a preliminary assessment of the incident.
According to the company, the cyberattack affected some of its administrative and operational systems, but did not compromise its core dealership management system, which handles sales, service, and parts transactions. The company said it was able to continue its business operations with minimal disruption, using manual processes and backup systems where necessary.
Hackers Published Customer Data Online
Eagers Automotive also confirmed that some of its data had been stolen by the hackers, who claimed to be part of a group called “REvil”. The hackers published some of the stolen data on a website on the dark web, which is a part of the internet that is not accessible by conventional browsers and requires special software to access.
The published data included personal information of some of Eagers Automotive’s customers, such as names, addresses, phone numbers, email addresses, and vehicle details. The hackers also threatened to release more data if the company did not pay a ransom.
Eagers Automotive said it was contacting the affected customers and offering them support and assistance. The company also advised its customers to be vigilant and report any suspicious or fraudulent activity to the authorities.
Eagers Automotive Working to Restore and Secure its IT System
Eagers Automotive said it was working to restore and secure its IT system, as well as to prevent any further data breaches. The company said it had engaged leading cyber security experts to assist with the investigation and remediation of the incident, as well as to enhance its cyber security measures and protocols.
The company also said it was cooperating with the Australian Cyber Security Centre (ACSC), the Office of the Australian Information Commissioner (OAIC), and the Australian Federal Police (AFP), who were conducting their own investigations into the incident.
Eagers Automotive CEO Keith Thornton said the company was taking the cyberattack very seriously and was committed to protecting its customers and stakeholders. He also thanked the company’s staff, suppliers, and partners for their support and resilience during the challenging time.