Northeast Ohio Car Dealership Data Breach Exposes Customer and Employee Information
A data breach at Progressive Auto Group, a car dealership in Massillon, Ohio, has potentially exposed the personal information of customers and employees, including a former mechanic who purchased a vehicle from the dealership. Aaron Lucarelli received a notification letter dated December 29, confirming that an unauthorized actor accessed the company’s network and exfiltrated files containing sensitive data.
The breach, detected on December 18, may have compromised names, Social Security numbers, driver’s license numbers, passport details, and financial account information, including debit and payment card numbers. Progressive Auto Group is offering affected individuals one year of free credit monitoring through EquiPrivacy ID Solutions to help detect potential identity theft.
Lucarelli, who worked at the dealership before buying a car there, described the experience as unsettling, prompting him to contact all three major credit bureaus and monitor his accounts for suspicious activity. While he has not yet observed any fraudulent transactions, he expressed ongoing concerns about the long-term risks of the exposure.
Cybersecurity experts, including Alex Hammerstone of TrustedSec, noted that such breaches are increasingly common and often preventable with basic security measures. The incident underscores the growing threat of unauthorized data access in businesses handling sensitive customer information. Individuals who suspect identity theft can report fraud to the Federal Trade Commission (FTC) for assistance.
The Progressive Group cybersecurity rating report: https://www.rankiteo.com/company/the-progressive-group
"id": "THE1769095627",
"linkid": "the-progressive-group",
"type": "Breach",
"date": "12/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Customers and employees',
'industry': 'Automotive',
'location': 'Massillon, Ohio, USA',
'name': 'Progressive Auto Group',
'type': 'Car Dealership'}],
'attack_vector': 'Unauthorized network access',
'customer_advisories': 'Monitor accounts for suspicious activity and report '
'fraud to the FTC.',
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Social Security numbers',
'Driver’s license numbers',
'Passport details',
'Financial account information',
'Debit and payment card '
'numbers']},
'date_detected': '2023-12-18',
'date_publicly_disclosed': '2023-12-29',
'description': 'A data breach at Progressive Auto Group, a car dealership in '
'Massillon, Ohio, has potentially exposed the personal '
'information of customers and employees, including sensitive '
'data such as Social Security numbers, driver’s license '
'numbers, and financial account information.',
'impact': {'brand_reputation_impact': 'Potential reputational damage',
'data_compromised': 'Personal and financial information',
'identity_theft_risk': 'High',
'payment_information_risk': 'High',
'systems_affected': 'Company network'},
'lessons_learned': 'Such breaches are increasingly common and often '
'preventable with basic security measures.',
'recommendations': 'Implement basic security measures to prevent unauthorized '
'access.',
'references': [{'source': 'Notification letter to affected individuals'},
{'source': 'Federal Trade Commission (FTC) fraud reporting',
'url': 'https://reportfraud.ftc.gov'}],
'response': {'communication_strategy': 'Notification letters to affected '
'individuals',
'third_party_assistance': 'EquiPrivacy ID Solutions (credit '
'monitoring)'},
'threat_actor': 'Unauthorized actor',
'title': 'Northeast Ohio Car Dealership Data Breach Exposes Customer and '
'Employee Information',
'type': 'Data Breach'}