Findlay cyberattack puts Bullhead City consumers data at risk

BULLHEAD CITY — A ransomware attack on Findlay Automotive Group has severely impacted operations at more than 30 dealerships across five states, including the Bullhead City location. The June 9th cyberattack has potentially compromised sensitive customer data and significantly disrupted sales and service operations, raising concerns for local residents who have done business with the dealership.
Findlay acknowledged the “cybersecurity issue,” stating they are working with cybersecurity experts and law enforcement to investigate and resolve the matter. “Promptly after becoming aware of the issue, we launched an investigation with the assistance of leading cybersecurity experts and law enforcement,” the company said in a statement. “Our investigation is ongoing, and we are working diligently to resolve the matter.”
The attack has forced Findlay to scale back operations at all affected dealerships, with only a few employees working at each location to assist customers as needed. Most sales and service operations have been impacted, leading to significant financial losses for the company.
According to sources familiar with the matter, Findlay Automotive is reportedly losing millions of dollars daily due to the cyberattack. It could take another week before the company can fully address the issues, though this timeline remains uncertain.
The compromised data may include a wide range of sensitive customer information:
Names and addresses
Social Security numbers
Driver’s license numbers
Credit and debit card information
Insurance policy numbers
Other financial and credit-related information
The breach potentially affects customer data dating back several years, though the exact timeframe has not been specified by Findlay or the plaintiffs in a recent lawsuit filed against the company.
A class action lawsuit filed in Clark County District Court, Las Vegas, alleges that Findlay failed to adequately protect customer information and did not promptly notify affected individuals. The plaintiffs, Karen Smith and Pholisith Bouphapraseuth, are represented by the law firm Stranch, Jennings & Garvey.
The lawsuit claims that Findlay maintained customer data negligently, failing to implement adequate security measures as per industry standards and legal obligations. It alleges that Findlay “knew or should have known” they could be targeted by cybercriminals. “Defendant maintained the [personal information] in a negligent and/or reckless manner,” the suit reads in part.
While Findlay has no known history of previous cybersecurity breaches, this incident may highlight critical vulnerabilities in their data protection practices. The company has not commented on the lawsuit or provided details on the extent of the data breach since their initial statement.
The FBI is currently investigating the cyberattack, with no further updates from Findlay since June 10. Critics have raised concerns about the company’s delay in notifying customers about the breach and the potential ongoing risk to consumer data.
Bullhead City residents who have transacted with Findlay Automotive are strongly advised to take the following precautions:
Monitor credit reports regularly for any suspicious activity.
Consider placing fraud alerts or credit freezes on their accounts.
Watch for signs of identity theft, such as unexpected changes in credit reports, unfamiliar accounts, or unauthorized transactions.
Review all financial statements and communications carefully.
Be wary of phishing attempts or unsolicited communications asking for personal information.
Consumers who believe they may have been affected by the breach can join the class action lawsuit by contacting Stranch, Jennings & Garvey. Potential claimants should be prepared to provide documentation of their dealings with Findlay Automotive Group.
The lawsuit seeks to compel Findlay to delete all sensitive customer information from its system, pay for any expenses over the lifetime of the plaintiffs related to the fallout of this information getting into the wrong hands, and implement additional cybersecurity measures in the future.
This cyberattack is part of a broader trend affecting the automotive industry, highlighting the sector’s vulnerability to digital threats. Recently, CDK Global, a major software provider serving over 15,000 car dealerships across North America, also experienced a significant cyberattack, causing widespread disruptions.
Andrew MacKay, executive director of the Nevada Franchised Auto Dealers Association, emphasized the industry’s reliance on technology, stating, “You have to have technology, end of story.” He estimates that Nevada auto dealers spend “millions of millions” of dollars every year on cybersecurity efforts, including employee training, hardware and software upgrades, and other IT components.
MacKay explained that dealerships are heavily reliant on computers and technology to complete sales and service appointments, communicate with car manufacturers, and notify customers of important safety information related to their vehicles. This dependence on digital systems makes the industry an attractive target for cybercriminals.
The ransomware attack on Findlay is believed to be the work of a group known as “Scattered Spider,” which is notorious for targeting large companies and engaging in extortion. This group, along with others like BlackSuit, has been linked to attacks on more than 350 organizations worldwide since 2022, demanding over $275 million in ransom, according to FBI reports.
The full extent of the financial impact and the duration of the operational disruption at Findlay remain unclear. The company’s ability to recover and restore normal operations will likely depend on their response to the attack and the effectiveness of their cybersecurity measures going forward.
Affected consumers can contact the following resources for assistance:
Major credit reporting agencies: Experian, Equifax, and TransUnion
Consumer protection organizations: Federal Trade Commission (FTC) and Better Business Bureau
Legal assistance: Law firm Stranch, Jennings & Garvey for information on joining the class action lawsuit
Local authorities have not issued any statements regarding the specific impact on Bullhead City residents. However, the Mohave County Sheriff’s Office advises residents to remain vigilant about their personal information and report any suspicious activity related to identity theft.
The long-term impact of this cyberattack on Findlay’s operations and customer trust remains to be seen. Cybersecurity experts emphasize the importance of robust data protection measures in the increasingly technology-dependent automotive industry. This incident serves as a wake-up call for businesses to strengthen their cybersecurity practices and for consumers to be proactive in protecting their personal information.
— Jeremy Webb