Data Breach Hits 766K Car Dealership Customers
▼ Summary
– A ransomware attack at Motility Software Solutions exposed the sensitive data of 766,000 customers after hackers encrypted systems and stole files on August 19, 2025.
– The company provides dealer management software used by 7,000 automotive and other dealerships across the United States for CRM, inventory, sales, and service operations.
– Stolen personal data includes full names, Social Security numbers, driver’s license numbers, dates of birth, and contact information, varying per individual.
– Motility has restored systems from backups, implemented additional security measures, and is offering a year of free LifeLock identity monitoring to affected individuals.
– The company has no evidence of data misuse yet but recommends credit monitoring, fraud alerts, and credit freezes while monitoring the dark web for stolen data.
A significant ransomware attack has compromised the personal information of approximately 766,000 customers who did business with dealerships using software from Motility Software Solutions. This provider of dealer management systems serves around 7,000 automotive, powersports, marine, heavy-duty, and recreational vehicle retailers nationwide. The breach highlights the severe risks facing businesses that rely on third-party software vendors to handle sensitive customer data.
Motility, which was previously known as Systems 2000/Sys2K, offers a comprehensive suite of tools for dealership operations. Their software handles everything from customer relationship management and inventory tracking to sales, accounting, and service operations. It also includes features for rental and fleet management, along with mobile and web-based dashboard access for dealers.
According to an official notification filed with the Office of the Maine Attorney General, the cyber intrusion occurred on August 19. Hackers managed to encrypt portions of the company’s network after first exfiltrating files that contained personal customer information. The notification sent to affected people states, “On or about August 19, 2025, we identified unusual activity on certain computer servers that support our business operations.” An internal investigation confirmed that an unauthorized individual deployed malware, which encrypted a segment of Motility’s systems.
The company explained that the malicious software blocked access to internal data. Forensic analysis also suggests the attacker potentially removed a limited number of files holding customers’ personal details. The specific information exposed differs from person to person, but may have included:
In response, Motility conducted a detailed investigation, put enhanced security protocols in place, and restored affected systems using secure backups. It remains unknown whether the company negotiated with the threat actors, but they have set up dark web monitoring to watch for any appearance of the stolen data on illicit online platforms.
Motility emphasizes that they currently have no proof the stolen information has been used maliciously. Nevertheless, they strongly advise impacted individuals to take proactive steps to protect themselves. As part of the remediation effort, the company is offering one year of complimentary identity monitoring services through LifeLock. Notification recipients have until December 19 to enroll using a personalized activation code included in their notice.
Those affected are also encouraged to regularly review their credit reports for any suspicious activity. Placing a fraud alert or initiating a credit freeze with the major credit bureaus are additional recommended protective measures. So far, no ransomware group has publicly taken credit for the attack on Motility’s systems.
(Source: Bleeping Computer)
