Cyber Incident Victim: Dewan Farooque Motors Limited

On or around November 1, 2024, Dewan Farooque Motors Limited (DFML) experienced a cyber-attack that caused severe disruption to its corporate operations. The attack corrupted critical data and crashed the company’s IT servers, forcing DFML to postpone a scheduled Board of Directors meeting originally set for November 28, 2024. The automaker disclosed these details in a formal notice to the Pakistan Stock Exchange (PSX), citing malware as the primary cause of the infrastructure failure. DFML emphasized the extensive damage to its information systems, specifically noting that financial data for the first quarter ending September 30, 2024, was among the compromised assets. Restoration efforts were projected to require significant time, though no specific timeline was provided. The company apologized for operational disruptions but did not disclose technical details about the attack vector, threat actor, or initial detection methods.

The incident had immediate financial repercussions, with DFML’s share price declining 3.37% to Rs. 38.44 following the disclosure. Stakeholders were informed that the postponed board meeting would be rescheduled only after data restoration was completed, though no alternative date was announced. DFML did not confirm whether customer or employee data was breached but acknowledged systemic corruption affecting corporate operations. The attack occurred months after a similar incident at Pak Suzuki Motor Company (PSMC) in April 2024, which had resulted in leaked HR and financial records, though DFML’s notice did not reference this prior event or any coordinated response measures. No details about DFML’s incident response team, forensic investigations, or data recovery protocols were disclosed in the public filing.