North Carolina car dealership chain hacked, breach claimed by ransomware gang

North Carolina car dealership chain Modern Automotive Network this week confirmed it notified an undisclosed number of people about a July 2024 data breach.

The company did not publicly disclose what personal info was compromised, but it is offering victims free credit monitoring. That usually implies Social Security numbers and/or other information that could be used for identity fraud were among the stolen data.

Ransomware gang BlackByte claimed responsibility for the attack shortly after it occurred. To prove its claim, the group posted images of what it says are stolen files and directories from Modern Auto’s company data.

Modern Auto has not verified BlackByte’s claim.

The company’s notice (PDF) to victims states, “From July 7 to July 8, 2024, we experienced a data security incident resulting in unauthorized access to our company data.”

The notice does not state if the breached personal information belongs to customers or employees. We do not yet know whether Modern Auto paid a ransom, how much BlackByte demanded, or how attackers breached the company’s network. Comparitech contacted Modern Auto for comment and will update this article if it replies.

Who is BlackByte?

BlackByte is a ransomware gang that first started posting attack claims to its leak site in 2021. It operates a ransomware-as-a-service business in which customers pay to use BlackByte’s malware and infrastructure to launch attacks and collect ransoms. The ransomware both steals and encrypts data, forcing victims to pay both for a key to unlock their systems and for BlackByte to not sell or publish stolen data. The group is most likely based in Russia, as it avoids attacking Russian organizations.

BlackByte has claimed 31 confirmed ransomware attacks since 2021. Its average ransom demand is $375,000.

The group claimed two other confirmed attacks in 2024: one on the Encina, CA wastewater authority in February, an another on the city of Newburgh, NY in July.

Ransomware attacks on US retail

Ransomware attacks on US retailers can both steal data and lock down computer systems. For car dealerships, that means losing access to stored documents, contracts, payroll, email, payment, and other software critical to day-to-day operations. Dealerships are forced to pay a ransom or face data loss, extended downtime, an expensive recovery, and putting data subjects at increased risk of fraud.

Comparitech researchers logged 22 confirmed ransomware attacks on US retailers in 2024, compromising 282,666 records. The average ransom was $720,000. Some of the biggest such attacks were on MarineMax (123,000 records), My Daily Choice (89,000), and David’s Bridal (46,000).

About Modern Automotive Network

Modern Automotive Network, or Modern Auto, is a chain of car dealerships in North Carolina with locations in Boone, Cornelius, Concord, Winston-Salem, and Greensboro. It employs more than 1,000 people, according to its LinkedIn profile.