DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

CA: Threat actors dump tens of thousands of driver’s license images and several thousand credit reports for customers of Walter’s Automotive Group

Posted on July 20, 2021 by Dissent

Credit reports for a few thousand customers of Audi Ontario and Porsche Ontario dealerships were dumped by ransomware threat actors who claim they locked Walter’s Automotive Group and exfiltrated data, but Walter’s would not respond to them. More than 22,000 driver’s license images were also in the data dump. 

If you bought an Audi or a Porsche from Audi Ontario or Porsche Ontario in California — or didn’t buy one but had just applied for credit for one of the two dealerships — your personal details and credit report may now be freely available on the dark web.

Threat actors known as Vice Society recently claimed to have locked and exfiltrated data from Walter’s Automotive Group. Walter’s owns Audio Ontario and Porsche Ontario, as well as  Porsche Riverside, Walter’s Mercedes-Benz, Walter’s Audi, and Walter’s Sprinter.

According to a Vice Society spokesperson’s statement to DataBreaches.net, Walter’s did not respond to their contact to initiate a ransom demand.  As a result, Vice Society dumped the data that they had exfiltrated during the attack.

In one folder alone, DataBreaches.net found more than 21,000 images of driver’s licenses.  The image files were date-stamped between  May of 2018 and May of 2021.  Another folder contained almost 4,400 files related to customer credit applications for customers of Audi Ontario. These did not all represent unique customers, as for each customer, there was often two or three files. The date stamps on these were between January 2017 and June, 2021. The applications and completed reports contain the applicant’s name, date of birth, current address, SSN, phone number, email address, current and past employers, past addresses, salary information, and credit history including FICO score, loan balances, etc.

Another folder under Audi Ontario contained almost 200 driver’s license images.

Credit applications for some Porsche Ontario customers or potential customers were also found in the dump. There were more than 1,000 files, but again, that is not the number of unique customers. Most of the credit report applications and reports are within the last year.  There was also a file with more than 1,000 driver’s license images.

Neither Audi Ontario, Porsche Ontario, or Walter’s Automotive Group replied to multiple inquiries sent to them this past weekend via web site contact forms as well as email to the automotive group’s IT department.

DataBreaches.net sent email inquiries tonight to a few recent customers of Audi Ontario. One already replied, and informed this site that he has not been notified by Walter’s or the dealership of any data theft or incident. If the dealerships or Walter’s responds to this site’s inquiries, this post will be updated.


Update: Post-publication, DataBreaches.net learned that what sounds like these data had been put up for sale on a popular forum at around the same time the data were listed on Vice Society’s site.  See Ax Sharma’s report here. His report raises the question as to whether the victim of this breach might have been eLend — and not Walter’s Automotive Group, as this site reported.  Other folders and files in the Vice Society data dump contain what appears to be employee information on Walter’s employees and spread sheets created by Wayne Fitkin, Walter’s Automotive Group’s IT Director.

Update 2: An Audi Ontario customer that I contacted last night got back to me now and reported that he had spoken with the dealership. He writes, in part:

They are aware of this and have been working with FBI and cyber authorities. They said they have no idea what data has been compromised or by who. But that they will “send a letter” once known.

They have no idea what data has been compromised?  Surely the FBI and/or the “cyber authorities” they are working with would have spotted it or known where to look for it. The dealership or its consultants could have downloaded a full copy of it last week.

Yet they tell a victim today that they have no idea what has been compromised?

Update:  This incident was reported to the Maine Attorney General’s Office as impacting 11,118 people, total.

No related posts.

Category: Breach IncidentsBusiness SectorMalwareU.S.

Post navigation

← Over 80 US Municipalities’ Sensitive Information, Including Resident’s Personal Data, Left Vulnerable in Massive Data Breach
Man Arrested in Connection with Alleged Role in July 2020 Twitter Hack →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure
  • Kentfield Hospital victim of cyberattack by World Leaks, patient data involved
  • India’s Max Financial says hacker accessed customer data from its insurance unit
  • Brazil’s central bank service provider hacked, $140M stolen
  • Iranian and Pro-Regime Cyberattacks Against Americans (2011-Present)
  • Nigerian National Pleads Guilty to International Fraud Scheme that Defrauded Elderly U.S. Victims
  • Nova Scotia Power Data Breach Exposed Information of 280,000 Customers
  • No need to hack when it’s leaking: Brandt Kettwick Defense edition
  • SK Telecom to be fined for late data breach report, ordered to waive cancellation fees, criminal investigation into them launched
  • Louis Vuitton Korea suffers cyberattack as customer data leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations
  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.