Kawasaki Motors Europe, Volkswagen, Toyota, Avis Rent a Car, Jaguar Land Rover, Nissan and Scania: Major Cyber Attacks Targeting the Automotive Industry 2025

Cyberattacks Surge in the Automotive Industry: Key Incidents from 2024–2025

The automotive sector has become a prime target for cybercriminals, with attacks ranging from ransomware extortion to large-scale data breaches exposing sensitive customer and operational data. Between 2024 and 2025, major automakers, suppliers, and rental companies faced significant disruptions, underscoring the industry’s vulnerability to digital threats.

Dark web activity reveals the U.S. as the most discussed and targeted market, accounting for 23% of automotive-related posts, followed by France (8%) and India (7%). While automobile dealers represent less than 1% of dark web chatter, broader sectors like finance, retail, and technical services, many tied to automotive operations, remain high-risk targets.

Major Breaches and Ransomware Attacks

  • Avis Rent a Car (August 2024): Hackers accessed a business application, exposing 299,006 customers’ personal data, including driver’s licenses, credit card details, and contact information.
  • Toyota (2024–2025): A third-party breach led to the leak of 240GB of data, including employee records, financial documents, and network credentials. The ZeroSevenGroup claimed responsibility, using ADRecon to map Active Directory environments. Toyota emphasized its systems were not directly compromised.
  • Kawasaki Motors Europe (September 2024): The RansomHub group stole 487GB of sensitive data after a failed ransomware attack, later dumping the files online when Kawasaki refused to pay.
  • Volkswagen’s Cariad (November 2024): A cloud misconfiguration exposed terabytes of data, including geolocation records from 800,000 vehicles, some linked to German police and intelligence personnel. Researchers traced the breach to an unsecured AWS memory dump.
  • Hertz (February 2025): The Clop ransomware gang exploited vulnerabilities in Cleo software, accessing customer data between October and December 2024. Over 3,400 Maine residents were affected, though the full scope remains undisclosed.
  • Scania (May 2025): Hackers stole insurance claim documents using compromised credentials from an IT partner, then attempted extortion. The data was later offered for sale on the dark web.
  • Cycle & Carriage (July 2024): A Singapore-based dealer suffered a breach affecting 147,000 customers, with 2% of records containing NRIC numbers and deposit details.
  • Nissan’s Creative Box Inc. (August 2025): The Qilin ransomware gang stole 4TB of design data, including 3D car models and internal documents, threatening to leak them to competitors.
  • Jaguar Land Rover (August–September 2025): A cyberattack forced the automaker to halt production at multiple plants, disrupting shipments and dealership operations. While no customer data was compromised, the incident caused widespread operational delays.

Impact and Industry Response

These incidents highlight the automotive sector’s expanding attack surface, from third-party vulnerabilities to cloud misconfigurations and ransomware extortion. Companies have responded with containment measures, forensic investigations, and enhanced security protocols, but the frequency and severity of attacks continue to rise. The financial and operational fallout, including production halts, data leaks, and reputational damage, underscores the urgent need for stronger cybersecurity defenses across the industry.

Source: https://socradar.io/blog/major-cyber-attacks-targeting-automotive-industry-2025/

Nissan Motor Corporation cybersecurity rating report: https://www.rankiteo.com/company/nissan-motor-corporation

Scania Group cybersecurity rating report: https://www.rankiteo.com/company/scania

Toyota Motor Corporation cybersecurity rating report: https://www.rankiteo.com/company/toyota

Volkswagen Group cybersecurity rating report: https://www.rankiteo.com/company/volkswagen-group

Kawasaki Heavy Industries, Ltd. cybersecurity rating report: https://www.rankiteo.com/company/kawasaki-heavy-industries

Aviso cybersecurity rating report: https://www.rankiteo.com/company/aviso

JLR North America cybersecurity rating report: https://www.rankiteo.com/company/jaguar-land-rover-north-america

"id": "NISSCATOYVOLKAWAVIJAG1775680268",
"linkid": "nissan-motor-corporation, scania, toyota, volkswagen-group, kawasaki-heavy-industries, aviso, jaguar-land-rover-north-america",
"type": "Ransomware",
"date": "11/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': '299,006',
                        'industry': 'automotive',
                        'location': 'U.S.',
                        'name': 'Avis Rent a Car',
                        'type': 'rental company'},
                       {'industry': 'automotive',
                        'location': 'global',
                        'name': 'Toyota',
                        'type': 'automaker'},
                       {'industry': 'automotive',
                        'location': 'Europe',
                        'name': 'Kawasaki Motors Europe',
                        'type': 'automaker/supplier'},
                       {'customers_affected': '800,000 vehicles (geolocation '
                                              'data)',
                        'industry': 'automotive',
                        'location': 'Germany',
                        'name': 'Volkswagen’s Cariad',
                        'type': 'automaker/tech subsidiary'},
                       {'customers_affected': '3,400+ (Maine residents)',
                        'industry': 'automotive',
                        'location': 'U.S.',
                        'name': 'Hertz',
                        'type': 'rental company'},
                       {'industry': 'automotive',
                        'name': 'Scania',
                        'type': 'automaker/supplier'},
                       {'customers_affected': '147,000',
                        'industry': 'automotive',
                        'location': 'Singapore',
                        'name': 'Cycle & Carriage',
                        'type': 'automotive dealer'},
                       {'industry': 'automotive',
                        'name': 'Nissan’s Creative Box Inc.',
                        'type': 'automaker/design subsidiary'},
                       {'industry': 'automotive',
                        'location': 'global',
                        'name': 'Jaguar Land Rover',
                        'type': 'automaker'}],
 'attack_vector': ['exploited vulnerabilities',
                   'compromised credentials',
                   'third-party breach',
                   'cloud misconfiguration'],
 'data_breach': {'data_encryption': ['Yes (ransomware cases)'],
                 'data_exfiltration': ['Yes'],
                 'file_types_exposed': ['driver’s licenses',
                                        'credit card details',
                                        'NRIC numbers',
                                        '3D car models',
                                        'design documents'],
                 'number_of_records_exposed': ['299,006 (Avis)',
                                               '240GB (Toyota)',
                                               '487GB (Kawasaki)',
                                               'terabytes (Volkswagen)',
                                               '4TB (Nissan)'],
                 'personally_identifiable_information': ['driver’s licenses',
                                                         'credit card details',
                                                         'NRIC numbers',
                                                         'contact information'],
                 'sensitivity_of_data': ['high'],
                 'type_of_data_compromised': ['personal data',
                                              'employee records',
                                              'financial documents',
                                              'network credentials',
                                              'geolocation records',
                                              'insurance claim documents',
                                              '3D car models',
                                              'internal documents']},
 'description': 'The automotive sector has become a prime target for '
                'cybercriminals, with attacks ranging from ransomware '
                'extortion to large-scale data breaches exposing sensitive '
                'customer and operational data. Between 2024 and 2025, major '
                'automakers, suppliers, and rental companies faced significant '
                'disruptions, underscoring the industry’s vulnerability to '
                'digital threats.',
 'impact': {'brand_reputation_impact': ['reputational damage'],
            'data_compromised': ['personal data',
                                 'employee records',
                                 'financial documents',
                                 'network credentials',
                                 'geolocation records',
                                 'insurance claim documents',
                                 '3D car models',
                                 'internal documents'],
            'downtime': ['production halts', 'operational delays'],
            'identity_theft_risk': ['driver’s licenses',
                                    'credit card details',
                                    'NRIC numbers'],
            'operational_impact': ['production disruptions',
                                   'shipment delays',
                                   'dealership operations'],
            'payment_information_risk': ['credit card details'],
            'systems_affected': ['business applications',
                                 'cloud storage',
                                 'production systems']},
 'initial_access_broker': {'data_sold_on_dark_web': ['Yes (Scania, Kawasaki)']},
 'lessons_learned': 'The automotive sector’s expanding attack surface, from '
                    'third-party vulnerabilities to cloud misconfigurations '
                    'and ransomware extortion, requires stronger cybersecurity '
                    'defenses.',
 'motivation': ['extortion',
                'data theft',
                'financial gain',
                'competitive advantage'],
 'post_incident_analysis': {'corrective_actions': ['enhanced security '
                                                   'protocols',
                                                   'forensic investigations'],
                            'root_causes': ['third-party vulnerabilities',
                                            'cloud misconfigurations',
                                            'compromised credentials',
                                            'exploited software '
                                            'vulnerabilities']},
 'ransomware': {'data_encryption': ['Yes'],
                'data_exfiltration': ['Yes'],
                'ransom_paid': ['No (Kawasaki)', None],
                'ransomware_strain': ['RansomHub', 'Clop', 'Qilin']},
 'recommendations': ['enhanced third-party risk management',
                     'cloud security hardening',
                     'ransomware preparedness',
                     'incident response planning'],
 'response': {'containment_measures': ['forensic investigations',
                                       'enhanced security protocols']},
 'threat_actor': ['ZeroSevenGroup',
                  'RansomHub',
                  'Clop ransomware gang',
                  'Qilin ransomware gang'],
 'title': 'Cyberattacks Surge in the Automotive Industry: Key Incidents from '
          '2024–2025',
 'type': ['ransomware',
          'data breach',
          'third-party breach',
          'cloud misconfiguration'],
 'vulnerability_exploited': ['Cleo software vulnerabilities',
                             'ADRecon for Active Directory mapping',
                             'unsecured AWS memory dump']}