• Home
  • cyber
  • UBS: Scania confirms insurance claim data breach in extortion attempt
cyber Cyber Attack

UBS: Scania confirms insurance claim data breach in extortion attempt

Jan 1, 2026 1 min read
UBS: Scania confirms insurance claim data breach in extortion attempt

**Scania Confirms Data Breach as Threat Actors Extort Company with Stolen Insurance Claims**

Automotive manufacturer Scania has confirmed a cybersecurity incident in which attackers exploited compromised credentials to breach its Financial Services systems, specifically targeting insurance.scania.com. The threat actors, identified as "hensi" on a hacking forum, stole insurance claim documents and attempted to sell the data to a single exclusive buyer.

Scania disclosed that the attackers later emailed multiple employees, threatening to leak the stolen data unless their demands were met. The company has not confirmed whether a ransom was paid or if the data was publicly released.

The breach highlights the ongoing risk of credential-based attacks in enterprise environments, particularly in sectors handling sensitive financial and insurance records. No further details on the scope of the exposed data or the timeline of the attack have been provided.

Source: https://databreaches.net/2025/06/18/scania-confirms-insurance-claim-data-breach-in-extortion-attempt/

OneSubsea cybersecurity rating report: https://www.rankiteo.com/company/onesubsea

"id": "ONE1767600666",
"linkid": "onesubsea",
"type": "Cyber Attack",
"date": "1/2026",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"
{'affected_entities': [{'industry': 'Automotive',
                        'name': 'Scania',
                        'type': 'Corporation'}],
 'attack_vector': 'Compromised Credentials',
 'data_breach': {'data_exfiltration': 'Yes',
                 'sensitivity_of_data': 'Highly Confidential',
                 'type_of_data_compromised': 'Insurance claim documents'},
 'description': 'Automotive giant Scania confirmed it suffered a cybersecurity '
                'incident where threat actors used compromised credentials to '
                'breach its Financial Services systems and steal insurance '
                "claim documents. The threat actor 'hensi' posted on a hacking "
                'forum selling the stolen data, offering it to a single '
                'exclusive buyer. Scania reported that attackers emailed '
                'several employees, threatening to leak the data unless their '
                'demands were met.',
 'impact': {'data_compromised': 'Insurance claim documents',
            'systems_affected': 'Financial Services systems'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Yes',
                           'entry_point': 'Compromised credentials'},
 'motivation': 'Extortion',
 'references': [{'source': 'DataBreaches.net',
                 'url': 'https://databreaches.net'},
                {'source': 'BleepingComputer'}],
 'threat_actor': 'hensi',
 'title': 'Scania Insurance Claim Data Breach',
 'type': 'Data Breach'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.