Breach cyber

Scania Financial Services

Jun 18, 2025 1 min read
Scania Financial Services

A threat actor named 'hensi' has reportedly claimed unauthorized access to Scania Financial Services’ insurance.scania.com subdomain and is allegedly selling around 34,000 files on cybercriminal marketplaces. The incident highlights ongoing vulnerabilities in corporate digital infrastructure and the persistent threat posed by data exfiltration operations targeting financial services organizations. The alleged breach encompasses approximately 34,000 files allegedly extracted from Scania's insurance subdomain infrastructure, potentially containing sensitive customer information, policy details, financial records, and personally identifiable information (PII).

Source: https://cybersecuritynews.com/scania-financial-services-breach/

TPRM report: https://scoringcyber.rankiteo.com/company/scaniafinancialservices

"id": "sca302061825",
"linkid": "scaniafinancialservices",
"type": "Breach",
"date": "6/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Financial Services',
                        'name': 'Scania Financial Services',
                        'type': 'Financial Services'}],
 'attack_vector': 'Web Application Vulnerabilities, SQL Injection Attacks, or '
                  'Compromised Authentication Mechanisms',
 'data_breach': {'data_exfiltration': 'Yes',
                 'number_of_records_exposed': 34000,
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Sensitive Customer Information',
                                              'Policy Details',
                                              'Financial Records',
                                              'Personally Identifiable '
                                              'Information (PII)']},
 'description': "A threat actor named 'hensi' has reportedly claimed "
                'unauthorized access to Scania Financial Services’ '
                'insurance[.]scania.com subdomain and is allegedly selling '
                'around 34,000 files on cybercriminal marketplaces.',
 'impact': {'data_compromised': ['Sensitive Customer Information',
                                 'Policy Details',
                                 'Financial Records',
                                 'Personally Identifiable Information (PII)'],
            'systems_affected': ['insurance[.]scania.com subdomain']},
 'initial_access_broker': {'data_sold_on_dark_web': 'Yes'},
 'lessons_learned': 'Organizations should implement comprehensive subdomain '
                    'security monitoring, regular vulnerability assessments, '
                    'and enhanced threat intelligence capabilities to detect '
                    'and respond to similar incidents.',
 'motivation': 'Financial Gain',
 'references': [{'source': 'Hackmanac reports'}],
 'regulatory_compliance': {'regulations_violated': ['GDPR',
                                                    'Sector-specific financial '
                                                    'services requirements']},
 'threat_actor': 'hensi',
 'title': 'Unauthorized Access to Scania Financial Services’ Insurance '
          'Subdomain',
 'type': 'Data Breach'}
Published by
Jeremy C
Jeremy C
You might also like
Breach cyber

Scania

public 1 min read
Automotive giant Scania confirmed it suffered a cybersecurity incident where threat actors used compromised credentials to breach its Financial Services…
Jeremy C Jeremy C
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.