Automotive giant Scania confirmed it suffered a cybersecurity incident where threat actors used compromised credentials to breach its Financial Services systems and steal insurance claim documents.
Scania told BleepingComputer that the attackers emailed several Scania employees, threatening to leak the data online unless their demands were met.
Scania is a major Swedish manufacturer of heavy trucks, buses, and industrial and marine engines and is a member of the Volkswagen Group.
The company, which is known for its durable fuel-efficient engines, employs over 59,000 people and has an annual revenue of $20.5 billion, selling over 100,000 vehicles yearly.
Late last week, threat monitoring platform Hackmanac spotted a hacking forum post by a threat actor named ‘hensi,’ who is selling data they claimed to have stolen from ‘insurance.scania.com,’ offering it to a single exclusive buyer.
Source: @H4ckmanac | X
Scania confirmed the breach to BleepingComputer, stating that their systems were breached on May 28, 2025, using an external IT partner’s credentials stolen by infostealer malware.
“We can confirm there has been a security related incident in the application “insurance.scania.com”, the application is provided by an external IT partner,” stated a Scania spokesperson.
“On the 28th and 29th of May, a perpetrator used credentials for a legitimate external user to gain access to a system used for insurance purposes; our current assumption is that the credentials used by the perpetrator were leaked by a password stealer malware.”
“Using the compromised account, documents related to insurance claims were downloaded.”
Insurance claim documents are likely to contain personal and possibly sensitive financial or medical data, so the incident could have a significant impact on those affected. At this time, the number of exposed individuals remains undefined.
The breach was followed by an extortion phase where the attackers contacted Scania employees directly using a @proton.me email address to extort the company, following up with the publication of samples of the stolen data on hacking forums.
“Early on the 30th (CEST) the attacker sent emails from proton.me to a number of Scania employees threatening to disclose the data.”
“A follow-up email with similar content came later from an unrelated 3rd party whose email had been compromised. The data was later leaked by an actor named Hensi.”
The compromised application is no longer reachable online, and an investigation into the incident has been launched.
Meanwhile, Scania told BleepingComputer that the breach had limited impact and that it notified privacy authorities regarding the incident.
Patching used to mean complex scripts, long hours, and endless fire drills. Not anymore.
In this new guide, Tines breaks down how modern IT orgs are leveling up with automation. Patch faster, reduce overhead, and focus on strategic work — no complex scripts required.
Source link
-
-
-
-
-
-
-
-
