Autobell reports data breach, over 50,000 customers affected

Autobell Car Wash, LLC, one of the largest car wash services in the United States, has become the victim of a cyberattack, affecting tens of thousands of customers.

According to the data breach notification that was filed to the Office of the Maine Attorney General, the car wash service provider experienced a ‘network security incident’ on April 7.

When the incident came to light, Autobell launched an investigation with cybersecurity specialists from outside the company to look into the scope and impact of the breach.

“After an extensive forensic investigation and document review, we discovered on September 24, 2024, that between April 1, 2024 and April 7, 2024, certain information stored on our network may have been accessed and/or acquired by an unauthorized individual,” the notice says.

Autobell doesn’t want to go into detail what information was obtained, but suffices by saying ‘names and other personal identifiers’ may have been taken by the attackers.

The personal details of 52,714 customers were exposed by the data breach. They all received a letter from the company, including an offer for twelve months of free credit monitoring and identity fraud services.

“We are committed to maintaining the privacy of personal information in our possession. We continually evaluate and modify our practices to enhance the security and privacy of your personal information,” the notice concludes.

The ransomware operation Medusa claims to be responsible for the data breach incident. The group allegedly stole 183.3 GB of corporate data back in May, 2024.

According to Palo Alto Networks’ Unit 42 Threat Intelligence analysts, Medusa surfaced as a ransomware-as-a-service or RaaS platform in late 2022 and gained notoriety in early 2023. That year, approximately 74 organizations across a spectrum of industries were impacted by Medusa ransomware.

To break into corporate networks, the group abuses unpatched vulnerabilities or hijacks legitimate accounts by using login credentials they obtained. They are also known for their use of Living-of-the-Land techniques (LOTL), where they use legitimate tools to evade detection and steal data.

Most Medusa victims are located in the United States, but incidents also occurred in the United Kingdom, France and Italy.