DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

CA: Threat actors dump tens of thousands of driver’s license images and several thousand credit reports for customers of Walter’s Automotive Group

Posted on July 20, 2021 by Dissent

Credit reports for a few thousand customers of Audi Ontario and Porsche Ontario dealerships were dumped by ransomware threat actors who claim they locked Walter’s Automotive Group and exfiltrated data, but Walter’s would not respond to them. More than 22,000 driver’s license images were also in the data dump. 

If you bought an Audi or a Porsche from Audi Ontario or Porsche Ontario in California — or didn’t buy one but had just applied for credit for one of the two dealerships — your personal details and credit report may now be freely available on the dark web.

Threat actors known as Vice Society recently claimed to have locked and exfiltrated data from Walter’s Automotive Group. Walter’s owns Audio Ontario and Porsche Ontario, as well as  Porsche Riverside, Walter’s Mercedes-Benz, Walter’s Audi, and Walter’s Sprinter.

According to a Vice Society spokesperson’s statement to DataBreaches.net, Walter’s did not respond to their contact to initiate a ransom demand.  As a result, Vice Society dumped the data that they had exfiltrated during the attack.

In one folder alone, DataBreaches.net found more than 21,000 images of driver’s licenses.  The image files were date-stamped between  May of 2018 and May of 2021.  Another folder contained almost 4,400 files related to customer credit applications for customers of Audi Ontario. These did not all represent unique customers, as for each customer, there was often two or three files. The date stamps on these were between January 2017 and June, 2021. The applications and completed reports contain the applicant’s name, date of birth, current address, SSN, phone number, email address, current and past employers, past addresses, salary information, and credit history including FICO score, loan balances, etc.

Another folder under Audi Ontario contained almost 200 driver’s license images.

Credit applications for some Porsche Ontario customers or potential customers were also found in the dump. There were more than 1,000 files, but again, that is not the number of unique customers. Most of the credit report applications and reports are within the last year.  There was also a file with more than 1,000 driver’s license images.

Neither Audi Ontario, Porsche Ontario, or Walter’s Automotive Group replied to multiple inquiries sent to them this past weekend via web site contact forms as well as email to the automotive group’s IT department.

DataBreaches.net sent email inquiries tonight to a few recent customers of Audi Ontario. One already replied, and informed this site that he has not been notified by Walter’s or the dealership of any data theft or incident. If the dealerships or Walter’s responds to this site’s inquiries, this post will be updated.


Update: Post-publication, DataBreaches.net learned that what sounds like these data had been put up for sale on a popular forum at around the same time the data were listed on Vice Society’s site.  See Ax Sharma’s report here. His report raises the question as to whether the victim of this breach might have been eLend — and not Walter’s Automotive Group, as this site reported.  Other folders and files in the Vice Society data dump contain what appears to be employee information on Walter’s employees and spread sheets created by Wayne Fitkin, Walter’s Automotive Group’s IT Director.

Update 2: An Audi Ontario customer that I contacted last night got back to me now and reported that he had spoken with the dealership. He writes, in part:

They are aware of this and have been working with FBI and cyber authorities. They said they have no idea what data has been compromised or by who. But that they will “send a letter” once known.

They have no idea what data has been compromised?  Surely the FBI and/or the “cyber authorities” they are working with would have spotted it or known where to look for it. The dealership or its consultants could have downloaded a full copy of it last week.

Yet they tell a victim today that they have no idea what has been compromised?

Update:  This incident was reported to the Maine Attorney General’s Office as impacting 11,118 people, total.

Category: Breach IncidentsBusiness SectorMalwareU.S.

Post navigation

← Over 80 US Municipalities’ Sensitive Information, Including Resident’s Personal Data, Left Vulnerable in Massive Data Breach
Man Arrested in Connection with Alleged Role in July 2020 Twitter Hack →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up
  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
  • Victoria’s Secret takes down website after security incident
  • U.S. Government Employee Arrested for Attempting to Provide Classified Information to Foreign Government
  • St. Cloud Provides Update on Ransomware Attack in 2024
  • Bradford Health Systems detected abnormal network activity in December 2023. They first sent out breach notices this week.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans
  • The US Is Storing Migrant Children’s DNA in a Criminal Database

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.