Ransomware gang says it hacked BMW and Tesla parts maker JTEKT

Ransomware group BlackSuit yesterday claimed responsibility for an October 2024 data breach at JTEKT North America, an automotive manufacturing corporation whose customers include auto makers like BMW, Tesla, and Rivian.

BlackSuit says it stole 894 GB of data from JTEKT North America, the US arm of the Japanese company. JTEKT has not verified BlackSuit’s claim.

JTEKT said a third party gained unauthorized access to its network on October 10, 2024, and that it disconnected the affected devices.

A second report from the company confirmed customer information stored on JTEKT’s servers was compromised.

“We have confirmed that unauthorized access by a third party to the network of our US group company may have led to the leakage of customer information stored on the server,” the report reads.

Finally, JTEKT posted a third report confirming unauthorized access to systems in North America and South America. JTEKT disconnected systems in the Czech Republic and Germany as well but did not confirm that those locations were compromised.

JTEKT did not give details about the compromised customer data. We don’t know if JTEKT paid a ransom, how much BlackSuit demanded, or how attackers breached JTEKT’s network. Comparitech contacted JTEKT for comment and will update this article if it responds.

Who is BlackSuit?

BlackSuit first emerged in April 2023, and has a history of attacking critical industries like healthcare, government, and education. It’s a private operation and doesn’t employ a ransomware-as-a-service business model. BlackSuit often extorts victims twice: once for the decryption key to restore attacked systems, and again in exchange for not selling or publishing stolen data.

BlackSuit has claimed responsibility for 54 confirmed ransomware attacks, plus 111 unconfirmed claims that were not acknowledged by targeted companies, according to our data.

In the last month alone, BlackSuit claimed responsibility for confirmed attacks on Gruppo Teddy (Italy), Kansas City Hospice and Palliative Care, Marysville Schools (OH), and the Cullman County Commission (LA).

Ransomware attacks on US manufacturing

Aside from data theft, ransomware can disrupt operations by locking down computer systems, from payroll to logistics. Ransomware attacks cause costly downtime and put people whose data was compromised at risk of identity theft and fraud.

In 2024 so far, Comparitech researchers logged 51 confirmed ransomware attacks on US manufacturers, plus 339 unconfirmed claims.

Some of the biggest such attacks include those on Microchip Technology and Keytronic, which cost them $21.4 million and $17.3 million in downtime, respectively.

Other recently confirmed ransomware attacks on US manufacturers include Akira’s claim on ShoreMaster (August) and Play’s claim on American Gypsum (June).

About JTEKT North America

JTEKT is a Japanese automotive parts manufacturing corporation owned by Toyota Group. It makes machine tools and components like bearings and gears for auto makers like BMW, GM, Toyota, Volkswagen, Nissan, Tesla, Caterpillar, and Rivian.

JTEKT North America is a separate legal entity that reports to the CEO in Japan.