AUSTRALIA’S biggest automotive dealership group, Eagers Automotive, has been hit with a cyber attack that appears to have compromised some of its IT systems in Australia and New Zealand.

The auto giant said the outage was “restricting its ability to trade within certain parts of its business in some operating locations” within both countries.

The company warned that “a small number of individuals may face serious risk of data misuse”.

It said the impact of the outage was varied across regions and business units and was affecting “the ability to finalise transactions for certain new vehicles that have been sold and are ready for delivery (as well as) some aspects of the company’s service and parts operations”.

The attack reinforces recent warnings that car retailers are prime targets for cyber criminals and that dealers need to take urgent action to shore up their systems security with hardware and software upgrades and relentless staff training.

The announcement on December 29 said that the attack prompted the company to warn its customers, suppliers and other business associates that they should be alert to any suspicious or untoward activities in any of their IT interactions with Eagers.

The Eagers announcement said that it had started an intense investigation of the company’s IT systems to assess the extent of the cyber intrusion with particular emphasis to ensure customer and employee information remains safeguarded.

A spokesman said in a statement: “The company is investigating rapidly and, to this point, has not found any access to or misuse of customer or employee information. 

“As part of our cyber security protocols, external incident response experts have been appointed to support the ongoing investigation and response.

“Maintaining the security and privacy of our customers’ data and our employees’ data is our highest priority and all efforts of the business are now focused on safely restoring our systems.

“At this stage, customers do not need to do anything but we ask them to remain vigilant of any suspicious activity.”

The company apologised to its customers for any inconvenience they might experience.

The ASX placed Eagers Automotive shares into a trading halt while the extent of the damage of the cyber intrusion was investigated.

In a later announcement to the ASX on January 2, Eagers Automotive said it could confirm “the incident involved unauthorised access to part of the company’s IT systems by a third party which accessed some data from our servers”. 

“Based on investigations to date, the company is in the process of notifying a small number of individuals identified who may face serious risk of data misuse.

“The company is committed to providing these affected individuals with the support and assistance they need as the company works to respond to this incident.

“If the company detects any further personal information has been impacted, affected individuals will be notified in accordance with the company’s obligations and Eagers Automotive will provide support and guidance.

The impact of the cyber incident is not expected to be material for the 2023 financial year, the announcement said.

“As the investigation progresses, further updates will be provided to customers, employees, shareholders, regulators and other stakeholders.”

The company said it has notified the Australian and New Zealand Cyber Security Centres and is notifying the Office of the Australian Information Commissioner and the NZ Office of the Privacy Commissioner. 

The intrusion comes at a time when Eagers has been busy upgrading its IT protection.

In October it announced that it would upgrade its cybersecurity capabilities and future-proof its digital business using software from Check Point Software Technologies.

GoAutoNews Premium reported at the time that the move came after Eagers indicated it wanted to boost security beyond the current AWS and Azure cloud security tools.

Eagers said at the time it had adopted Check Point CloudGuard software that it said will deliver improved visibility into the cloud environment and help the company with automating governance and managing complexities across its multi-cloud assets and services.

Eagers said that a key milestone for its digital transformation was to adopt a cloud-based environment that could encompass the complexities of its business operations. 

Because of the size and diversity of the company, it relies on technology including the development of dealership apps, mobile apps and online car sales.

Then, in early December this year, Eagers Automotive announced that it is using SentinelOne that offers a targeted view of threats across connected devices to enhance its cybersecurity posture. 

The company said the strategy promotes better visibility over the dealership’s valuable assets while mitigating risk introduced by third-party vendors and partners, particularly those handling sensitive data.

SentinelOne, is known for its global expertise in autonomous cybersecurity to effectively detect, prevent, and respond to threats with high speed and efficiency to outpace contemporary digital threats to ensure the security of its customers.

The attack confirms recent warnings that car retailers are an especially attractive target for cybercriminals and comes at a time when the Australian Automotive Dealer Association (AADA) has begun sponsoring special workshops by cyber experts on protecting dealership IT businesses from intrusion

These intrusions most commonly lead to ransom demands to unlock IT systems on the payment of the amount demanded.

THE CEO of the AADA has warned Australian dealers that the nature of vehicle retailing makes car retailers a magnet for cyber attacks.

James Voortman

James Voortman was addressing the recent Pentana Live Innovation Accelerated online seminar in which he cited an example of a large British dealer group with 200 branches that was hit in a cyber attack that cost it a reputed $60 million. 

He said another large UK dealer group with more than 25 locations turning over 450 million pounds was subject to a ransom attack that left some of its core systems damaged beyond repair. 

“There was recently an example here in Australia of a customer falling victim to a phishing attack and being swindled out of more than $100,000 in trying to purchase a vehicle,” he said.

He added that the average cost of recovering from a data breach in the US was $4.5 million. 

Mr Voortman said that cyber criminals are attracted to places where large amounts of data and money are transacted. He said that there is also a perception of vulnerabilities within dealerships. 

He said that car dealerships “are high-value targets”.

Dealers are being warned that International organised crime syndicates are not only evolving at a rapid rate in their quest to break into Australian company IT systems, they are now able to earn more from ransom payments and other scams from penetrating the security of corporate systems than they earn from the international drug trade.

This is the view of Brian Hay, executive director of Cultural Cyber Security which has been retained by the AADA to run a series of webinars over the next year to help dealers understand the nature of the threat they face and what steps they need to take to thwart extortionists.

He told GoAutoNews Premium in an exclusive interview that the international criminals who are the perpetrators of these attacks were now using the massive computing power of artificial intelligence to help them plan, target and execute extortion attacks on companies of all sizes.

“The criminals are so advanced compared to where we are.”

The Australian reported from a recent survey conducted of Australian CEOs that a cyber attack now represented the single biggest external threat to the running of their businesses and was the top issue that kept them awake at night.