The dealership software company Motility Software Solutions is alerting over 766,000 people that their personal information was stolen during a ransomware attack.
Ransomware Attack and Data Stolen
Motility, which provides software for recreational vehicle and and power sport dealers, first discovered the incident on August 19 after hackers breached the servers supporting its business operations. The attackers deployed file-encrypting ransomware but also stole files containing customer data.
The compromised personal information includes:
- Names and addresses
- Phone numbers and email addresses
- Dates of birth
- Social Security numbers
- Driver’s license numbers
Motility stated in a notification letter that they have "no evidence of actual misuse of the information" but are issuing the notice so affected individuals can take steps to protect themselves. The breach details were first released by Motility’s parent company, Reynolds and Reynolds, on September 12. The official filing with the Maine Attorney General's Office confirmed 766,670 affected people.
Aftermath and Threat Actor Link
Motility has successfully restored its systems using clean backups and has added new security tools and measures. They are also offering the affected individuals 12 months of free identity theft, credit monitoring, and fraud consultation services.
Although Motility did not name the threat actor, the Pear ransomware gang recently listed Reynolds and Reynolds on its leak site, claiming to have stolen 4.3 terabytes of data. Since Reynolds and Reynolds had previously stated that their own systems were not affected, it is likely the data Pear stole came from the Motility subsidiary. The fact that the cybercrime group made the data available for download suggests that the ransom was not paid.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
