Between 28 and 29 May, one of the most serious cyberattacks ever recorded against European manufacturers of industrial vehicles took place. According to information disclosed a few days later, cybercriminals allegedly extracted approximately 34,000 documents from the portal insurance.scania.com. Based on an initial reconstruction of the incident communicated by Scania itself, the attackers are believed to have exploited login credentials belonging to an external IT supplier to gain access to the system, having previously stolen those credentials using infostealer malware.
Over the following 48 hours, the cybercriminals exfiltrated the 34,000 documents, which relate to insurance claim files. On 30 May, they began their extortion campaign against Scania, sending emails from a ProtonMail address to several of the company’s employees, threatening to publish the stolen data if their demands were not met. The attackers also used compromised third-party email accounts to intensify the pressure on the company. Finally, an individual operating under the pseudonym "hensi" published samples of the stolen data on a specialist underground forum, offering them for exclusive sale to a single buyer.
Swedish manufacturer Scania adopted a transparent approach to handling the crisis, publicly confirming the incident and providing details about the method of attack. A spokesperson for the company stated: "We can confirm that a security-related incident occurred within the insurance.scania.com application, which is provided by an external IT partner." The company added that the overall impact of the incident was "very limited". Scania also launched a thorough internal investigation and promptly notified the relevant data protection authorities. At present, the website insurance.scania.com has been taken offline and is currently inaccessible. A message on the site informs users that system maintenance is underway.
The automotive industry has seen a significant rise in cyberattacks in recent years, with 2024 recording over one hundred ransomware incidents and more than two hundred data breaches affecting the automotive and smart mobility ecosystem. In 2025, cybersecurity experts have already identified 297 cyberattacks targeting companies in the automotive sector, causing estimated damages of over 22 billion dollars. Infostealer attacks have accounted for 35 percent of all cyber incidents in 2025, becoming the most widespread threat.
