BMW
Image: Leon Seibert via Unsplash

BMW says Play ransomware attack only hit local dealership in France

BMW is downplaying a ransomware attack claimed this week by criminal hackers, saying that it only affected a local dealership in France.

The Play ransomware group — which has drawn headlines for damaging attacks on the cities of Oakland and Antwerp in recent months — claimed it attacked “BMW France” on its leak site on Tuesday.

But in a statement to Recorded Future News, a BMW Group spokesperson said there was no evidence as of yet that the attack had penetrated the company at large.

“BMW Group experts are continuously monitoring the situation and have not identified any intrusion within BMW Group or BMW France systems,” the spokesperson said.

“They were able to locate the breach on the computer systems of a local dealer, which is an independent legal entity of BMW France. We will accompany and support the dealer and its team throughout the upcoming steps.”

In January, the Play group took credit for an attack on Arnold Clark, one of the United Kingdom’s largest car dealerships. When the car dealership refused to pay a ransom, the gang leaked National Insurance numbers (the equivalent of Social Security numbers in the U.S.) and passport data, alongside addresses and phone numbers.

It also published bank statements and car finance documents for customers of the Glasgow-based business.

In February 2022, ransomware actors from the now-defunct Hive group also attacked Emil Frey, one of Europe's biggest car dealers.

The Play ransomware group first emerged in July 2022 targeting government entities in Latin America, according to Trend Micro.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.