Swedish truck manufacturer Scania investigates cyberattack

On June 12, 2025, the threat actor, under the pseudonym “hensi,” posted that they had compromised the insurance.scania.com domain of Scania, a Swedish manufacturer of heavy trucks and buses, as well as other industrial engines. The actor allegedly stole 34,000 files, which they have been offering for sale on a cybercrime forum.

Scania confirmed to the media that the insurance subdomain of its website is associated with Scania's vehicle insurance services and that this service was compromised in the incident. In addition, the company noted that this site is operated by an external IT partner. The affected website has been taken offline as a result of the incident.

Scania detected an intrusion into the website on May 28 and 29, using credentials previously stolen from its external partner using infostealer malware. The compromised credentials gave the attacker access to the insurance claims system, from which they were able to download documents related to the claims themselves. Shortly thereafter, the actor attempted to extort the company before offering to sell the stolen information. Emails were sent to several Scania employees, threatening to leak the data online unless their demands were met.

Investigations are ongoing to determine exactly what type of information has been compromised and how many people have been affected by the incident.