D’Ambrosio Dodge Data Breach Exposes Customer and Employee Personal Information
D’Ambrosio Dodge Inc., an automotive dealership in Downingtown, Pennsylvania, disclosed a data breach affecting the personal information of customers and employees. The incident was first detected on November 24, 2025, when unusual activity was identified in the company’s computer systems. An investigation was launched, and a third-party forensic firm was engaged to assess the scope of the breach.
On December 12, 2025, the ransomware group Qilin claimed responsibility, posting on the Tor network that it had obtained data from the Jeff D’Ambrosio Auto Group. The forensic investigation concluded on January 21, 2026, identifying potentially compromised files, with a detailed review confirming the exposure of personal data by March 16, 2026.
The breach exposed sensitive information, including names, addresses, and government ID numbers. While the exact number of affected individuals was not disclosed, the company notified regulators in Maine and Vermont on May 5, 2026, and sent written notices to impacted consumers the same day.
In response, D’Ambrosio Dodge offered free identity theft protection services through IDX, including credit monitoring, CyberScan monitoring, a $1 million insurance reimbursement policy, and identity recovery assistance. Affected individuals were given 12 or 24 months of coverage, with enrollment available until August 5, 2026. The company also advised monitoring financial accounts for suspicious activity.
Source: https://www.claimdepot.com/data-breach/dambrosio-dodge-2026
DAmbrosio Dodge Inc cybersecurity rating report: https://www.rankiteo.com/company/dambrosio-dodge-inc
Jeff D'Ambrosio Auto Group cybersecurity rating report: https://www.rankiteo.com/company/jeff-dambrosio-auto-group
"id": "DAMJEF1778092431",
"linkid": "dambrosio-dodge-inc, jeff-dambrosio-auto-group",
"type": "Ransomware",
"date": "11/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Automotive',
'location': 'Downingtown, Pennsylvania, USA',
'name': 'D’Ambrosio Dodge Inc.',
'type': 'Automotive Dealership'}],
'customer_advisories': 'Free identity theft protection services offered '
'through IDX, including credit monitoring, CyberScan '
'monitoring, $1 million insurance reimbursement '
'policy, and identity recovery assistance. Enrollment '
'available until 2026-08-05.',
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Names, addresses, '
'government ID numbers',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personal Information'},
'date_detected': '2025-11-24',
'date_publicly_disclosed': '2025-12-12',
'date_resolved': '2026-03-16',
'description': 'D’Ambrosio Dodge Inc., an automotive dealership in '
'Downingtown, Pennsylvania, disclosed a data breach affecting '
'the personal information of customers and employees. The '
'ransomware group Qilin claimed responsibility and posted '
'stolen data on the Tor network.',
'impact': {'data_compromised': 'Names, addresses, government ID numbers',
'identity_theft_risk': 'High'},
'investigation_status': 'Completed',
'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'Qilin'},
'recommendations': 'Monitor financial accounts for suspicious activity, '
'enroll in identity theft protection services',
'references': [{'source': 'Company Disclosure'}],
'regulatory_compliance': {'regulatory_notifications': 'Maine and Vermont '
'regulators notified on '
'2026-05-05'},
'response': {'communication_strategy': 'Notices sent to regulators and '
'affected individuals',
'incident_response_plan_activated': 'Yes',
'third_party_assistance': 'Forensic firm engaged'},
'threat_actor': 'Qilin',
'title': 'D’Ambrosio Dodge Data Breach Exposes Customer and Employee Personal '
'Information',
'type': 'Data Breach, Ransomware'}