Auto parts giant LKQ says cyberattack disrupted Canadian business unit

Automobile parts giant LKQ Corporation disclosed that one of its business units in Canada was hacked, allowing threat actors to steal data from the company.

LKQ is a public American company specializing in automotive replacement parts, components, and services to repair and maintain vehicles. The company has 45,000 employees in 25 countries and operates numerous brands, including Keystone, Tri Star, and ADL.

In a Friday evening FORM 8-K filing filed with the SEC, the company says one of its business units in Canada was breached on November 13, disrupting business operations.

“On November 13, 2024, LKQ Corporation (the “Company” or “we”) detected unauthorized access to information technology (IT) systems of a single business unit in Canada (“Business Unit”). The attack disrupted the Business Unit’s operations,” reads the LKQ Form 8-K filing.

“Upon discovery, we immediately began taking steps to investigate, contain, and recover from the incident, including activating our security incident response and recovery plans, partnering with industry leading forensic investigators, and initiating containment measures for affected systems. We also promptly notified law enforcement authorities. We are analyzing data impacted by the incident and will be notifying affected parties as appropriate.”

“As a result of the incident, the Company’s operations within this Business Unit were adversely impacted for a few weeks while affected systems were recovered; however, the Company believes that it has effectively contained the threat and that none of its other businesses were impacted by the threat, and the Business Unit is now operating near full capacity.”

The company says that they do not believe the incident will have any material impact on its financials or operations for the remainder of the fiscal year. LKQ says that they will seek reimbursement for costs and expenses stemming from the cyberattack from their cyber insurance company.

LKQ warns that its containment measures have caused some disruption within the breached business for a few weeks but has since restored operations.

No ransomware gangs or other threat actors have claimed responsibility for the attack.