Excerpt from GBHackers Article, Published on Jun 18, 2025.

Swedish automotive giant Scania has confirmed a serious data breach that resulted in a massive leak of sensitive customer files. The incident occurred on May 28, 2025, when attackers compromised the subdomain insurance.scania.com using stolen credentials from an external IT partner. The threat actor, operating under the alias “hensi,” has claimed responsibility for the breach and has begun offering the stolen data on underground forums. Scania, a key player in Europe’s commercial vehicle market, is now dealing with the aftermath of what could be one of its most significant cybersecurity incidents to date. The breach has led to the leak of approximately 34,000 insurance-related files, reportedly containing personal, financial, and potentially medical data. Several sample documents have already been leaked to prove the legitimacy of the stolen material.

The Scania breach was first publicized in mid-June 2025, when “hensi” announced the attack on a restricted hacker forum. The attacker demanded ransom and reached out to Scania employees, threatening to release the files if demands weren’t met. When negotiations failed, portions of the data were published, confirming the leak’s authenticity. Scania has responded by disabling the affected insurance application and launching an internal investigation in coordination with cybersecurity specialists and regulatory bodies. The company stressed that only the insurance platform was affected and that it is actively notifying impacted individuals.

This Scania incident has triggered alarm across the automotive and insurance sectors, as it underscores the increasing frequency of cyberattacks that result in significant data leaks. Experts warn that organizations must strengthen defenses against credential theft and social engineering. Scania has urged its partners and customers to stay alert to phishing threats and suspicious activity. The full scope of the Scania data leak is still being determined, but the implications could be far-reaching.

To delve deeper into this topic, please read the full article on GBHackers.