Eagers Automotive (ASX: APE) has announced today it is looking into claims that hackers have published data online of a cybersecurity breach that was detected by the automotive retail giant almost three months ago.
The Brisbane-based company is one of the nation’s largest car dealerships, operating more than 250 locations across Australia and New Zealand which collectively service around one million vehicles each year.
In a statement to the ASX, the company confirmed it was recently made aware that a third party claimed to have published the stolen data online, but did not disclose to shareholders how many customers may have been impacted.
“The company has become aware of a claim by the third party suggesting it has published data online that it alleges was removed from the company’s IT environment,” Eagers Automotive said in an update to investors.
“Eagers Automotive is investigating this claim as part of its ongoing response, which is expected to take some time to complete.
“The company will continue to monitor for any further claims of the publication of data removed from its IT environment.”
The incident was initially announced to the market in late 2023, prompting the company to enter a trading halt and engage with external experts who would start an investigation into the hack.
At the time, Eagers said the disruption was primarily impacting its ability to finalise transactions for certain new vehicles which had been sold and were ready for delivery, as well as some aspects of the company’s service and parts operations.
A few days after the incident was made public, the automotive retail group confirmed it was in the process of notifying a small number of individuals who may face serious risk of data misuse.
"If the company detects that any further personal information has been impacted, affected individuals will be notified in accordance with the company’s obligations and Eagers Automotive will provide support and guidance,” Eagers Automotive added.
Eager Automotives said the financial impact of the cyber incident is not expected to be material for the 2024 financial year.
The company is continuing to work with government agencies to investigate the issue, including the Office of the Australian Information Commissioner, Department of Home Affairs and the Australian Cyber Security Centre.
The incident comes after several companies were impacted by security breaches last year, including private health insurer Medibank (ASX: MPL),fintech Latitude (ASX: LFS),specialist investors FIIG Securities, enterprise software company TechnologyOne (ASX: TNE), and more.
Help us deliver quality journalism to you.
As a free and independent news site providing daily updates
during a period of unprecedented challenges for businesses everywhere
we call on your support