Cyberattacks Surge in the Automotive Industry: Key Incidents from 2024–2025 The automotive sector has become a prime target for cybercriminals, with attacks ranging from ransomware extortion to large-scale data breaches exposing sensitive customer and operational data. Between 2024 and 2025, major automakers, suppliers, and rental companies faced significant disruptions, underscoring the industry’s vulnerability to digital threats. ### Dark Web Trends: U.S. Dominates as Top Target Dark web activity reveals the U.S. as the most discussed and targeted market, accounting for 23% of automotive-related posts, followed by France (8%) and India (7%). While automobile dealers represent less than 1% of dark web chatter, broader sectors like finance, retail, and technical services many tied to automotive operations remain high-risk targets. ### Major Breaches and Ransomware Attacks - Avis Rent a Car (August 2024): Hackers accessed a business application, exposing 299,006 customers’ personal data, including driver’s licenses, credit card details, and contact information. - Toyota (2024–2025): A third-party breach led to the leak of 240GB of data, including employee records, financial documents, and network credentials. The ZeroSevenGroup claimed responsibility, using ADRecon to map Active Directory environments. Toyota emphasized its systems were not directly compromised. - Kawasaki Motors Europe (September 2024): The RansomHub group stole 487GB of sensitive data after a failed ransomware attack, later dumping the files online when Kawasaki refused to pay. - Volkswagen’s Cariad (November 2024): A cloud misconfiguration exposed terabytes of data, including geolocation records from 800,000 vehicles, some linked to German police and intelligence personnel. Researchers traced the breach to an unsecured AWS memory dump. - Hertz (February 2025): The Clop ransomware gang exploited vulnerabilities in Cleo software, accessing customer data between October–December 2024. Over 3,400 Maine residents were affected, though the full scope remains undisclosed. - Scania (May 2025): Hackers stole insurance claim documents using compromised credentials from an IT partner, later attempting extortion. The data was later offered for sale on the dark web. - Cycle & Carriage (July 2024): A Singapore-based dealer suffered a breach affecting 147,000 customers, with 2% of records containing NRIC numbers and deposit details. - Nissan’s Creative Box Inc. (August 2025): The Qilin ransomware gang stole 4TB of design data, including 3D car models and internal documents, threatening to leak them to competitors. - Jaguar Land Rover (August–September 2025): A cyberattack forced the automaker to halt production at multiple plants, disrupting shipments and dealership operations. While no customer data was compromised, the incident caused widespread operational delays. ### Impact and Industry Response These incidents highlight the automotive sector’s expanding attack surface, from third-party vulnerabilities to cloud misconfigurations and ransomware extortion. Companies have responded with containment measures, forensic investigations, and enhanced security protocols, but the frequency and severity of attacks continue to rise. The financial and operational fallout including production halts, data leaks, and reputational damage underscores the urgent need for stronger cybersecurity defenses across the industry.

Automotive giant Scania confirmed it suffered a cybersecurity incident where threat actors used compromised credentials to breach its Financial Services systems and steal insurance claim documents. The attackers then threatened to leak the data online unless their demands were met. The incident could have a significant impact on those affected, as insurance claim documents likely contain personal and possibly sensitive financial or medical data. The compromised application is no longer reachable online, and an investigation into the incident has been launched.