Navistar, US truck and military vehicle maker, said a data breach took place on May 20, 2021, during which attackers have managed to steal data from its network.
Navistar (short for Navistar International Corporation) is a holding company that owns and operates a number of vehicle manufacturers in North America. On Monday, it revealed that its systems were breached, noting that its operations were not affected by the incident.
A spokesperson for the company said that it is in contact with federal authorities regarding the matter and filed an 8-K report with the Securities and Exchange Commission (SEC).
“Upon learning of the cybersecurity threat, the Company launched an investigation and undertook immediate action in accordance with its cybersecurity response plan, including employing containment protocols to mitigate the impact of the potential threat, engaging internal and third-party information technology security and forensics experts to assess any impact on the Company’s IT System, and utilizing additional security measures to help safeguard the integrity of its IT System’s infrastructure and data contained therein,” Navistar said.
The attack took place in mid-May, and at the end of the last month, Navistar “received a claim” that it had suffered a data breach and that the attack compromised “certain personal data.” Navistar could not confirm that it received a ransom demand.
The security measures mentioned above are ongoing as the company and third-party experts continue to investigate the scope and impact of the cybersecurity incident.
Navistar’s SEC filing did not mention the topic of ransomware, which is a known threat tactic. After stealing the sensitive data, the perpetrators often use the exfiltrated data to threaten to publicize the company’s stolen information through the web.
This is a developing story.