Motility Software Solutions, a subsidiary of Reynolds & Reynolds, suffered a **ransomware attack by the PEAR group in August 2025**, compromising **766,670 individuals' sensitive data**, including **names, Social Security numbers, phone numbers, email addresses, dates of birth, and driver’s license numbers**. PEAR claimed to have stolen **4.3 TB of data**, including spreadsheets containing **customer and employee personal information**, and posted samples as proof. While Motility detected **malware encrypting parts of its systems**, forensic evidence suggested **data exfiltration occurred before encryption**.

The company offered **12 months of free credit monitoring and identity theft protection** to victims but did not confirm ransom payment or the attack vector. PEAR, a **data-theft-focused ransomware gang**, does not encrypt files but relies on **extortion by threatening to leak or sell stolen data**. The breach exposed **both customer and employee records**, raising risks of identity theft and fraud.

Reynolds & Reynolds stated its systems were **unaffected**, as the attack was isolated to Motility’s network. The incident highlights vulnerabilities in **third-party automotive dealership software**, potentially impacting downstream businesses and their clients.
TPRM report: https://www.rankiteo.com/company/motilityss
"id": "mot2293122100125",
"linkid": "motilityss",
"type": "Ransomware",
"date": "8/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'customers_affected': 766670,
'industry': 'Automotive Technology',
'location': 'Maitland, Florida, USA',
'name': 'Motility Software Solutions',
'type': 'Software Company (Auto Dealership Solutions)'},
{'industry': 'Automotive Technology',
'name': 'Reynolds & Reynolds (Parent Company)',
'type': 'Corporate Parent'}],
'customer_advisories': ['Offer of 12 months free credit monitoring (Norton '
'Lifelock)'],
'data_breach': {'data_encryption': 'Partial (malware encrypted portions of '
'systems, but PEAR focuses on data theft '
'without encryption)',
'data_exfiltration': True,
'file_types_exposed': ['Spreadsheets (customer/employee data)',
'Documents'],
'number_of_records_exposed': 766670,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (includes SSNs, driver’s license '
'numbers)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_detected': '2025-08-19',
'description': 'Auto dealership software company Motility Software Solutions '
'notified 766,670 individuals of a data breach in August 2025. '
'The ransomware group PEAR claimed responsibility, stating it '
'stole 4.3 TB of data, including personal information such as '
'names, Social Security numbers, phone numbers, email '
'addresses, dates of birth, and driver’s license numbers. PEAR '
'posted images of allegedly stolen documents, including '
'spreadsheets of customer and employee data. Motility '
'confirmed unauthorized malware deployment and potential data '
'exfiltration before encryption. The company offered 12 months '
'of free credit monitoring and identity theft protection to '
'affected individuals.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'large-scale data breach and public '
'disclosure by ransomware group',
'data_compromised': ['Names',
'Social Security numbers',
'Phone numbers',
'Email addresses',
'Dates of birth',
'Driver’s license numbers'],
'identity_theft_risk': 'High (PII including SSNs and driver’s '
'license numbers compromised)',
'operational_impact': 'Malware encrypted a portion of systems, '
'restricting internal data access; servers '
'taken offline for isolation and '
'investigation',
'systems_affected': ['Certain computer servers supporting business '
'operations']},
'initial_access_broker': {'high_value_targets': ['Customer and employee '
'personal data']},
'investigation_status': 'Ongoing (forensic investigation completed, but '
'details not fully disclosed)',
'motivation': 'Data Theft and Extortion',
'ransomware': {'data_encryption': 'No (PEAR does not encrypt data; focuses on '
'theft and extortion)',
'data_exfiltration': True,
'ransomware_strain': 'PEAR (Pure Extraction and Ransom)'},
'references': [{'source': 'Comparitech'},
{'source': 'Reynolds & Reynolds News Release'},
{'source': 'Motility Software Solutions Breach Notice'}],
'response': {'communication_strategy': ['Public notice to victims',
'Offer of 12 months free credit '
'monitoring and identity theft '
'protection (Norton Lifelock)',
'Deadline for enrollment: 2025-12-19'],
'containment_measures': ['Impacted servers taken offline to '
'isolate the incident'],
'incident_response_plan_activated': True,
'remediation_measures': ['Investigation into cause',
'Forensic analysis']},
'stakeholder_advisories': ['Public notice to 766,670 affected individuals'],
'threat_actor': 'PEAR (Pure Extraction and Ransom)',
'title': 'Motility Software Solutions Data Breach (August 2025)',
'type': ['Data Breach', 'Ransomware Attack (Data Theft)']}