BMW Confirms Data Breach Confined to Local Dealer

German automaker BMW has clarified that the recent ransomware attack on BMW France did not affect its own systems, but only a local dealer operating independently. The ransomware syndicate, known as Play, had included BMW France on its dark-web blog in March.

However, BMW’s security team did not find any intrusion within the BMW Group or BMW France systems. The company’s representative stated that the breach was located on the computer systems of the local dealer, which is a separate legal entity from BMW France. BMW has offered to assist the dealer in addressing the suspected data breach.

Play, the ransomware syndicate behind the attack on BMW France, has claimed to have stolen confidential data, contracts, financial information, and client documents from the company. In a typical move, the criminals have threatened to release the data in two weeks if BMW France does not pay the ransom.

Play is a new player in the ransomware game and is said to have been inspired by Hive, a similar group that recently folded. In addition to the BMW France attack, Play is also responsible for crippling attacks on the city of Oakland, California.

BMW France is a commercial subsidiary of BMW Group France and is responsible for the import, marketing, and promotion of BMW vehicles, parts, and accessories through its network of dealerships. The company employs over 400 staff.

BMW Group is a German automaker and one of the largest companies in the industry worldwide, with revenues of over $16 billion in 2021, employing nearly 120,000 people and shipping over 2.5 million vehicles globally.

Recently, researchers from Cybernews found an unprotected environment (.env) and .git configuration files hosted on the official BMW Italy website. Although not sufficient to compromise the site, this information could be used for covert reconnaissance purposes, allowing threat actors to gather more information about the system.