Automotive giant Scania confirmed that it suffered a cybersecurity incident in which threat actors used compromised credentials to breach its financial services systems and steal insurance claim documents.
Scania told BleepingComputer that the attackers emailed several Scania employees, threatening to leak the data online unless their demands were met.
Scania is a major Swedish manufacturer of heavy trucks, buses and industrial and maritime engines and is a member of the Volkswagen Group.
The company, known for its durable, fuel-efficient engines, employs 59,000 people, has annual revenue of $20.5 billion, and sells more than 100,000 vehicles annually.
At the end of last week, threat monitoring platform Hackmanac spotted a hacking forum post by a threat actor called 'Hency', who was selling data they claimed to have stolen from 'insurance.scania.com', offering it to a single exclusive buyer.

Source: @h4ckmanac | X
Scania confirmed the breach to BleepingComputer, stating that its systems were breached on May 28, 2025, using the credentials of an external IT partner that were stolen by infostealer malware.
"We can confirm that there is a security incident related to 'insurance.scania.com'," a Scania spokesman said.
"On the 28th and 29th of May, a criminal used credentials for a legitimate external user to gain access to a system used for insurance purposes; our current belief is that the credentials used by the offender were leaked by password stealer malware."
“Documents related to insurance claims were downloaded, using the compromised account.”
Insurance claim documents are likely to contain personal and possibly sensitive financial or medical data, so this incident could have a significant impact on those affected. At this time, the number of exposed individuals remains undetermined.
An extortion phase followed the breach, in which the attackers, after publishing samples of the stolen data on a hacking forum, contacted Scania employees directly using a @proton.me email address.
“At the beginning of the 30th, the attacker sent emails from the proton.
"A follow-up email with similar content later came from an unrelated 3rd party email address that had been compromised. The data was later leaked by an actor named Hissi."
The compromised system is no longer available online, and an investigation into the incident has been launched.
Meanwhile, Scania told BleepingComputer that the breach had a limited impact and that it has informed privacy authorities about the incident.