Cyber Incident Victim: Eagers Automotive
Date:
Dec 2023
Location:
Australia
Summary
A cyberattack claimed by the LockBit 3.0 ransomware group disrupted IT systems across select Australian and New Zealand locations of an automotive retailer, impacting new vehicle deliveries and service operations while compromising some customer data. The incident prompted a trading halt, external cybersecurity investigations, and notifications to national cyber authorities, with potential financial losses linked to interrupted transactions. While most dealerships remained operational, the company prioritized customer data security and had recently implemented enhanced cloud-based protections prior to the breach.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On December 27, 2023, Eagers Automotive Limited detected a cybersecurity incident that prompted an immediate trading halt on the Australian Securities Exchange to manage disclosure obligations. The Brisbane-based automotive retailer, which operates dealerships across Australia and New Zealand and reported $4.8 billion in first-half 2023 revenue, announced the breach publicly on December 28 after discovering unauthorized third-party access to portions of its IT infrastructure. Initial assessments confirmed the attack disrupted regional operations, particularly impacting new vehicle delivery transactions and service/parts operations in select locations, though most dealerships maintained functionality. The company engaged external cybersecurity experts to investigate the intrusion and notified both the Australian Cyber Security Centre and New Zealand National Cyber Security Center. By December 30, the LockBit 3.0 ransomware group claimed responsibility for the attack on its data leak site, listing Eagers as a victim with a January 19, 2024 ransom payment deadline. Operational disruptions primarily affected finalization of sales for vehicles already sold but undelivered, with financial losses initially estimated to involve transactions from the last five days of December 2023.
Eagers confirmed on January 2, 2024 that attackers exfiltrated data from company servers, compromising personal information of an undisclosed "small number of individuals" whom the firm began notifying. The full scope of data access remained under investigation, with no evidence initially found of customer or employee information misuse according to early statements. The incident occurred despite recent cybersecurity upgrades, including October 2023 implementation of Check Point CloudGuard software for cloud security and early December adoption of SentinelOne's threat detection platform. Nissan Oceania's regional operations had experienced a similar breach earlier that month, highlighting automotive sector vulnerabilities. Eagers maintained its trading halt through multiple ASX filings while restoring systems, advising customers to monitor for suspicious activity despite stating no immediate action was required. The company committed to providing further updates to stakeholders as the forensic investigation progressed, without confirming whether ransomware payments were considered.