- 790
- 211
Swedish company Scania, part of the Volkswagen Group and specializing in the production of trucks, buses, industrial and marine engines, as well as the provision of related services, has suffered a hack and data leak.
Late last week, researchers at Hackmanac noticed a message on a hacker forum written by a person with the nickname hensi. He claimed to be selling data stolen from the website insurance.scania.com, offering the dump to a single, exclusive buyer.
This week, Scania representatives confirmed to Bleeping Computer that the company suffered a hacker attack on May 28, 2025. The attackers used compromised credentials stolen from an unnamed IT partner of the company using an infostealer. As a result, they gained access to Financial Services systems and also stole documents on insurance claims.
The attackers then sent emails to several Scania employees from the @proton.me address, threatening to distribute the stolen data online unless they were paid a ransom. The attackers also published samples of the stolen data on hacker forums.
[td]"We can confirm that there has been a security incident at insurance.scania.com. The application is provided by an external IT partner," Scania said. "On 28 and 29 May, attackers used the credentials of a legitimate external user to gain access to an insurance-related system. We suspect that these credentials were stolen by password-stealing malware. The compromised account was used to download documents related to insurance claims."[/td]Journalists note that the stolen documents may contain personal, as well as confidential financial and medical data, and this incident may have significant consequences for the victims. At the moment, the number of victims of this attack has not yet been determined, and the investigation into the incident is ongoing.
Late last week, researchers at Hackmanac noticed a message on a hacker forum written by a person with the nickname hensi. He claimed to be selling data stolen from the website insurance.scania.com, offering the dump to a single, exclusive buyer.
This week, Scania representatives confirmed to Bleeping Computer that the company suffered a hacker attack on May 28, 2025. The attackers used compromised credentials stolen from an unnamed IT partner of the company using an infostealer. As a result, they gained access to Financial Services systems and also stole documents on insurance claims.
The attackers then sent emails to several Scania employees from the @proton.me address, threatening to distribute the stolen data online unless they were paid a ransom. The attackers also published samples of the stolen data on hacker forums.