Motility Software Solutions

Motility Software Solutions, a provider of car dealership management software (DMS), suffered a ransomware attack on August 11, 2025, discovered a week later. The attack encrypted critical IT infrastructure, but forensic evidence revealed that threat actors exfiltrated sensitive customer data before deployment. Compromised data includes full names, postal addresses, email addresses, phone numbers, dates of birth, Social Security Numbers (SSNs), and driver’s license numbers, affecting 766,670 individuals.The company restored services using backups and implemented mitigation measures, including dark web monitoring, legal counsel engagement, and free identity theft protection for victims. While no evidence suggests the stolen data has been misused yet, the exposure poses severe risks, such as identity theft, financial fraud, phishing, and unauthorized access to healthcare or government services. The attack underscores the vulnerability of specialized SaaS platforms handling high-value personal data.

Source: https://www.techradar.com/pro/security/major-data-breach-at-dealership-software-firm-exposes-766-000-clients-heres-what-we-know

TPRM report: https://www.rankiteo.com/company/motilityss

"id": "mot3792237100225",
"linkid": "motilityss",
"type": "Ransomware",
"date": "8/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"

{'affected_entities': [{'customers_affected': 766670,
                        'industry': ['automotive software',
                                     'dealership management systems (DMS)'],
                        'name': 'Motility Software Solutions',
                        'type': 'private company'}],
 'customer_advisories': ['free identity theft protection (1 year) offered to '
                         'victims'],
 'data_breach': {'data_encryption': True,
                 'data_exfiltration': True,
                 'number_of_records_exposed': 766670,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'high (PII, government-issued IDs)',
                 'type_of_data_compromised': ['full names',
                                              'postal addresses',
                                              'email addresses',
                                              'phone numbers',
                                              'dates of birth',
                                              'Social Security Numbers (SSNs)',
                                              'driver’s license numbers']},
 'date_detected': '2025-08-19',
 'description': 'Motility Software Solutions, a provider of car dealership '
                'management software (DMS), suffered a ransomware attack on '
                'August 11, 2025, detected a week later on August 19, '
                '2025. The attack encrypted internal data and exfiltrated '
                'sensitive customer information, including SSNs, driver’s '
                'licenses, and full contact details, affecting 766,670 '
                'individuals. The company restored services using backups, '
                'implemented dark net monitoring, and offered free identity '
                'protection to victims. No evidence of data misuse was '
                'reported at the time of disclosure.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'exposure of 766,670 records',
            'data_compromised': True,
            'downtime': True,
            'identity_theft_risk': 'High (SSNs, driver’s licenses, PII '
                                   'exposed)',
            'operational_impact': 'Restored via backups; services disrupted '
                                  'temporarily',
            'systems_affected': ['internal servers',
                                 'IT infrastructure (partial)']},
 'initial_access_broker': {'data_sold_on_dark_web': 'Potential (no '
                                                    'confirmation of misuse at '
                                                    'disclosure time)',
                           'high_value_targets': ['customer PII databases']},
 'investigation_status': 'Ongoing (forensic evidence suggests limited data '
                         'exfiltration)',
 'motivation': ['financial gain', 'data theft'],
 'post_incident_analysis': {'corrective_actions': ['dark net monitoring',
                                                   'enhanced security measures '
                                                   '(unspecified)']},
 'ransomware': {'data_encryption': True, 'data_exfiltration': True},
 'references': [{'source': 'BleepingComputer'}, {'source': 'TechRadar Pro'}],
 'regulatory_compliance': {'regulatory_notifications': ['Maine Attorney '
                                                        'General']},
 'response': {'communication_strategy': ['filing with Maine Attorney General',
                                         'public announcement'],
              'containment_measures': ['dark net monitoring',
                                       'forensic investigation'],
              'enhanced_monitoring': True,
              'incident_response_plan_activated': True,
              'recovery_measures': ['free identity theft protection (1 year) '
                                    'for victims'],
              'remediation_measures': ['restored services from backups'],
              'third_party_assistance': ['counsel', 'data security providers']},
 'title': 'Motility Software Solutions Ransomware Attack Exposes Sensitive '
          'Data of 766,000+ Customers',
 'type': ['ransomware', 'data breach']}

Motility Software Solutions

Bendigo and District Aboriginal Co-operative: Exclusive: Aboriginal community organisation confirms cyber incident following INC Ransom claims

Gulfstream Services and Inc.: Gulfstream Aerospace Data Breach Lawsuit Investigation

Change Healthcare: MSN