Automotive giant Scania confirmed it suffered a cybersecurity incident where threat actors used compromised credentials to breach its Financial Services systems and steal insurance claim documents. Bleeping Computer has the details:
Late last week, threat monitoring platform Hackmanac spotted a hacking forum post by a threat actor named ‘hensi,’ who is selling data they claimed to have stolen from ‘insurance.scania.com,’ offering it to a single exclusive buyer.
Scania confirmed the breach to BleepingComputer, stating that their systems were breached on May 28, 2025, using an external IT partner’s credentials stolen by infostealer malware.
“We can confirm there has been a security related incident in the application “insurance.scania.com”, the application is provided by an external IT partner,” stated a Scania spokesperson.
“On the 28th and 29th of May, a perpetrator used credentials for a legitimate external user to gain access to a system used for insurance purposes; our current assumption is that the credentials used by the perpetrator were leaked by a password stealer malware.”
“Using the compromised account, documents related to insurance claims were downloaded.”
Commenting on this news is Erich Kron, Security Awareness Advocate at KnowBe4:
“Stolen credentials continue to be a significant security concern and were used in this attack. This outlines the need for additional account security such as MFA to help protect accounts. While it’s not a perfect solution, MFA, especially the type that is phishing resistant, can improve account security greatly. This is important not only for internal accounts, but also for external vendors and those outside of the organization that may occasionally need access. Victims whose information was stolen should be on high alert for the potential of social engineering scams that may reference this data and use it against them.”
This is yet another example where credential theft has led to something really bad happening. Things have to change so that these attacks are harder to pull off. And that change needs to happen quickly.
Like this:
Like Loading...
Related
This entry was posted on June 18, 2025 at 11:48 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Scania Pwned And The Threat Actors Are Looking To Get Paid
Automotive giant Scania confirmed it suffered a cybersecurity incident where threat actors used compromised credentials to breach its Financial Services systems and steal insurance claim documents. Bleeping Computer has the details:
Late last week, threat monitoring platform Hackmanac spotted a hacking forum post by a threat actor named ‘hensi,’ who is selling data they claimed to have stolen from ‘insurance.scania.com,’ offering it to a single exclusive buyer.
Scania confirmed the breach to BleepingComputer, stating that their systems were breached on May 28, 2025, using an external IT partner’s credentials stolen by infostealer malware.
“We can confirm there has been a security related incident in the application “insurance.scania.com”, the application is provided by an external IT partner,” stated a Scania spokesperson.
“On the 28th and 29th of May, a perpetrator used credentials for a legitimate external user to gain access to a system used for insurance purposes; our current assumption is that the credentials used by the perpetrator were leaked by a password stealer malware.”
“Using the compromised account, documents related to insurance claims were downloaded.”
Commenting on this news is Erich Kron, Security Awareness Advocate at KnowBe4:
“Stolen credentials continue to be a significant security concern and were used in this attack. This outlines the need for additional account security such as MFA to help protect accounts. While it’s not a perfect solution, MFA, especially the type that is phishing resistant, can improve account security greatly. This is important not only for internal accounts, but also for external vendors and those outside of the organization that may occasionally need access. Victims whose information was stolen should be on high alert for the potential of social engineering scams that may reference this data and use it against them.”
This is yet another example where credential theft has led to something really bad happening. Things have to change so that these attacks are harder to pull off. And that change needs to happen quickly.
Share this:
Like this:
Related
This entry was posted on June 18, 2025 at 11:48 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.