A group of threat actors has claimed responsibility for a cyberattack on Scania, the Swedish commercial vehicle manufacturer, alleging the theft of 34,000 internal files from its corporate insurance platform. The breach was announced on a restricted-access cybercrime forum, where stolen corporate data is commonly traded or sold.
Scania, a key player in Europe’s transportation sector, has not yet confirmed the incident. At the time of writing, the company’s insurance platform—VabisLine—remains offline, displaying a maintenance message that reads:
“We are currently performing maintenance on the VabisLine system. The system has been temporarily taken offline.”
It is unclear whether this downtime is directly linked to the alleged intrusion.
What Hackers Claim to Have Accessed
According to the attackers’ post on the cybercrime forum, they successfully breached the corporate insurance division of Scania and exfiltrated files that were previously inaccessible to the public. No file samples have been released publicly, and the actual content of the 34,000 stolen files remains undisclosed.
However, given that Scania’s corporate insurance arm likely manages commercial vehicle coverage, the files may include:
- Customer identities
- Vehicle details linked through Vehicle Identification Numbers (VINs)
- Policy documents or internal records tied to Scania’s global fleet customers
These possibilities remain speculative until either the attackers release proof or the company issues a formal statement.
Scania: A Critical Player in European Transport
Scania is one of the largest commercial vehicle manufacturers in Europe. As of Q1 2025, the company held an 18.9% share of the European commercial vehicle market. In 2024, Scania reported $22 billion in annual revenue and employed 59,000 people worldwide.
Scania’s reputation as a data-rich enterprise with broad international operations makes it a high-value target for cybercriminals, particularly those interested in extortion or espionage. The attack, if confirmed, underscores how commercial vehicle manufacturers continue to face growing pressure from advanced cyber threats.
Broader Trend of Attacks on Automakers
The alleged Scania breach follows a growing pattern of cyberattacks against global automotive giants. Earlier this month, hackers claimed they had infiltrated Volkswagen Group, one of the world’s largest automakers.
Automotive companies are frequent targets for threat actors due to:
- Extensive collections of customer and partner data
- Global networks of vendors and affiliates
- High potential for business disruption, making them more likely to pay extortion demands
State-sponsored groups and ransomware gangs alike view such organizations as valuable for both data theft and financial leverage.
Scania has not released a public statement regarding the incident and has not responded to media inquiries. The full scope of the breach, including whether customer data was impacted, remains unknown.
Supply Chain Cyber Risks in the Automotive Industry
With the automotive and transportation sectors growing more digitized, cybercriminals are zeroing in on platforms that manage sensitive supply chain, customer, and insurance data. Incidents like the alleged Scania breach underline how even operational support systems—often overlooked in traditional security strategies—can become entry points for significant data loss and reputational damage.
If your organization operates within a high-stakes environment like logistics, automotive, or industrial manufacturing, securing operational continuity requires more than just perimeter defense.