Mullinax Ford of Central Florida Discloses 2025 Data Breach Impacting Sensitive Customer Information
Mullinax Ford of Central Florida, a Ford dealership in Apopka, Florida, reported a data breach that exposed sensitive personal information following a late-2025 cyberattack. The incident was disclosed to the Maine Attorney General on April 15, 2026, after the dealership detected suspicious activity on December 27, 2025.
On February 1, 2026, the ransomware group DragonForce claimed responsibility for the attack in a dark web posting, asserting it had exfiltrated 294.65 GB of the dealership’s data. A forensic investigation revealed that an unauthorized actor accessed Mullinax Ford’s systems between December 4 and December 25, 2025, copying stored files during that period.
The breach exposed personal data, including names, Social Security numbers, and driver’s license numbers. Mullinax Ford completed a review of affected documents in March 2026 and began notifying impacted individuals in writing on April 15, 2026.
In response, the dealership is offering 24 months of complimentary identity monitoring through Kroll, including credit monitoring, fraud consultation, and identity theft restoration services. Affected individuals must enroll by the deadline specified in their notification letters. Mullinax Ford has also established a dedicated phone line (844-403-4581) and mailing address (1551 E. Semoran Blvd., Apopka, FL 32703) for inquiries.
Source: https://www.claimdepot.com/data-breach/mullinax-ford-2026
Mullinax Ford cybersecurity rating report: https://www.rankiteo.com/company/mullinax-automotive
"id": "MUL1776364234",
"linkid": "mullinax-automotive",
"type": "Ransomware",
"date": "12/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Automotive',
'location': 'Apopka, Florida, USA',
'name': 'Mullinax Ford of Central Florida',
'type': 'Automotive Dealership'}],
'customer_advisories': '24 months of complimentary identity monitoring '
'through Kroll; enrollment deadline specified in '
'notification letters',
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Social Security Numbers',
'Driver’s License Numbers']},
'date_detected': '2025-12-27',
'date_publicly_disclosed': '2026-04-15',
'description': 'Mullinax Ford of Central Florida reported a data breach that '
'exposed sensitive personal information following a late-2025 '
'cyberattack. The ransomware group DragonForce claimed '
'responsibility, exfiltrating 294.65 GB of data. The breach '
'exposed names, Social Security numbers, and driver’s license '
'numbers.',
'impact': {'data_compromised': '294.65 GB', 'identity_theft_risk': 'High'},
'investigation_status': 'Completed (Forensic Investigation)',
'motivation': 'Data Exfiltration, Extortion',
'ransomware': {'data_exfiltration': 'Yes'},
'references': [{'source': 'Maine Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Maine Attorney '
'General'},
'response': {'communication_strategy': 'Written notifications to affected '
'individuals',
'third_party_assistance': 'Kroll (Identity Monitoring)'},
'threat_actor': 'DragonForce',
'title': 'Mullinax Ford of Central Florida Data Breach',
'type': 'Data Breach, Ransomware'}