For Sale: Data Stolen From Volvo 

Uploaded on 2023-01-18 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Transport & Travel

Hackers have been detected selling data on a criminal forum, claiming that it was stolen from Swedish vehicle manufacturer Volvo.

The car maker has acknowledged the breach, which appears to have been perpetrated by a new ransomware gang using a malware tool known as Endurance The hackers claim to have used the Endurance tool to obtain data associated with an attack on US government agencies.

Screenshots leaked to the Dark Web in December, presumably to verify the source of the stolen data, includes internal documents related to telematics on vehicles made for police, internal presentations, project management dashboards, and car part schematics. Some of these screenshots display various dates in 2022, including late December, which suggests that the breach could be recent.

The data listed for sale includes information on future vehicle models, development systems, and employee information at the price of $2,500 in the Monero crypto currency. The hackers allege that a ransom payment was not demanded because they assumed that Volvo would not pay. 

If a breach is confirmed, it remains to be seen if the data actually comes from Volvo or from a third party - one of the users whose name is displayed in a project management dashboard appears to be an employee at Volvo and reportedly matches their LinkedIn profile.

Volvo says it, “is conducting its own investigation and working with third-party specialist to investigate the property theft... The company does not see, with currently available information, that this has an impact on the safety or security of its customers' cars or their personal data.”

 Volvo:      NCSC:     AutoEvolution:    Oodaloop:      Security Week:       Techmonitor:   Bleeping Comuter:

You Might Also Read: 

Hacked Vehicle Owner Database For Sale:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« NHS Is The Most Phished Government Organisation
Building An Identity-First Security Strategy »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Renaissance

Renaissance

Renaissance is Ireland's premier value added distributor of IT security solutions and a leading independent provider of business continuity consultancy.

Privacy Professor

Privacy Professor

Privacy Professor provides information privacy, security and compliance services, tools and products to organizations in a wide range of industries.

King & Spalding

King & Spalding

King & Spalding is an international law firm with offices in the United States, Europe and the Middle East. Practice areas include Data, Privacy & Security.

Cyber Security Centre - University of Hertfordshire

Cyber Security Centre - University of Hertfordshire

The Cyber Security Centre provides training, teaching and research in the fast paced topics of cyber security and digital forensics.

Keyfactor

Keyfactor

Keyfactor is a leader in cloud-first PKI as-a-Service and crypto-agility solutions. Our Crypto-Agility Platform seamlessly orchestrates every key and certificate across the enterprise.

ERPScan

ERPScan

ERPScan’s primary mission is to provide Smart solutions to assess and protect ERP systems and business-critical applications from both cyber-attacks and internal fraud.

Google for Startups

Google for Startups

Google for Startups is Google’s initiative to help startups thrive across every corner of the world.

Partnership for Conflict, Crime and Security Research (PaCCS)

Partnership for Conflict, Crime and Security Research (PaCCS)

PaCCS delivers high quality and cutting edge research to improve our understanding of current and future global security challenges in areas including cybersecurity.

KBR

KBR

To help governments and other agencies to combat cyber threats, KBR is safeguarding their most valuable systems with sophisticated tools, hardware and training.

CoverWallet

CoverWallet

CoverWallet combines deep analytics, thoughtful design and state of the art technology to help small businesses with all their insurance needs including Cyber Liability.

Hawk Network Defense

Hawk Network Defense

HAWK.io is the First Fully Automated, Multi-Tenant, Cloud-Based, MDR Service Company.

InferSight

InferSight

InferSight can help you design an architecture that takes into account security, performance, availability, functionality, resiliency and future capacity to avoid technological lock in and limitations

Eastern Cyber Resilience Centre (ECRC)

Eastern Cyber Resilience Centre (ECRC)

The Eastern Cyber Resilience Centre is part of the national roll out of Cyber Resilience Centres in the UK which began in 2019.

Maxxsure

Maxxsure

Maxxsure provides a platform for executive management, leveraging proprietary technology that identifies, measures, and scores a company’s cyber risks.

Dope Security

Dope Security

Dope Security is a fly-direct Secure Web Gateway that eliminates the data center stopover architecture required by legacy providers, instead performing security directly on the endpoint.

InterSec Inc.

InterSec Inc.

InterSec Inc. is a cybersecurity company that offers a variety of services to small and medium-sized businesses including CMMC Compliance, Program Management, Governance, & Cybersecurity.