Automotive giant Scania confirmed it suffered a cybersecurity incident where threat actors used compromised credentials to breach its Financial Services systems and steal insurance claim documents.
Scania told BleepingComputer that the attackers emailed several Scania employees, threatening to leak the data online unless their demands were met.
Scania is a major Swedish manufacturer of heavy trucks, buses, and industrial and marine engines and is a member of the Volkswagen Group.
The company, which is known for its durable fuel-efficient engines, employs over 59,000 people and has an annual revenue of $20.5 billion, selling over 100,000 vehicles yearly.
Late last week, threat monitoring platform Hackmanac spotted a hacking forum post by a threat actor named 'hensi,' who is selling data they claimed to have stolen from 'insurance.scania.com,' offering it to a single exclusive buyer.
Threat actor's post on underground forums
Source: @H4ckmanac | X
Scania confirmed the breach to BleepingComputer, stating that their systems were breached on May 28, 2025, using an external IT partner's credentials stolen by infostealer malware.
"We can confirm there has been a security related incident in the application "insurance.scania.com", the application is provided by an external IT partner," stated a Scania spokesperson.
"On the 28th and 29th of May, a perpetrator used credentials for a legitimate external user to gain access to a system used for insurance purposes; our current assumption is that the credentials used by the perpetrator were leaked by a password stealer malware."
... continue reading