Data apparently stolen from Navistar International Corp. has been leaked onto the dark web, exposing detailed financial information less than a month after the heavy truck and military vehicle manufacturer disclosed a cyberattack. 

The data appeared on Wednesday on Marketo, which bills itself as a marketplace for stolen data. It consists of 82 files — which appear authentic — and the site’s operators offered it as a preview for a 330-gigabyte trove being made available for auction.

The portion posted included detailed financial statements, contracts and other internal documents. Marketo, which isn’t accessible through standard internet browsers, claimed that the full leak being sold also included data from partners and customers.

The leak came less than a month after Navistar disclosed a cyberattack and data breach in a Securities and Exchange Commission filing on June 7, and a day before its merger with Volkswagen AG’s TRATON SE took effect on Thursday. 

Navistar (NYSE:NAV) issued a statement in response to FreightWaves’ questions about the posting of stolen data, saying it “is aware of a security incident that affected our company’s systems” and that its investigation has confirmed “that an unauthorized third party accessed and took certain data from our IT System.”

Navistar did not respond to specific questions about the leak, nor confirm the data’s authenticity or that it resulted from the previously disclosed attack, which occurred in May. 

“The investigation is ongoing, and we have taken proactive steps to help minimize the potential impact,” the company said. “Navistar is committed to systems security and the protection of our corporate, customer, dealer, employee and partner information, and we take this responsibility seriously.” 

Leak site reportedly markets stolen data to victims’ competitors

Little is known about Marketo, which came online earlier this year. But the cybersecurity website BleepingComputer recently reported that Marketo’s tactics include attempting to sell data to victims’ competitors directly. 

Brett Callow, a threat analyst with cybersecurity software firm Emsisoft, said the site appears to sell data that its operators have stolen themselves as well as data taken by others, including ransomware gangs.

In contrast to instances in which ransomware gangs leak stolen data to their own sites after victims refuse to pay them, the appearance of Navistar’s files on Marketo sheds little light on the original attack, Callow said. 

“It could have been just plain old hacking,” Callow said.

Josh Lospinoso, co-founder and CEO of Shift5, a cybersecurity firm specializing in protecting heavy military and civilian vehicles, including trucks, agreed that the data leak provided few clues about what happened to Navistar and said the attack was part of an alarming trend. 

“Unfortunately, we’re seeing fleet and critical infrastructure operators getting hit with increasing regularity,” Lospinoso wrote in an email. “As operators take advantage of technological innovations that allow them to operate more efficiently, they’re often increasing connectivity. This creates reliance on IT systems for normal business operations, and the result is that criminals are finding some of these systems exploitable. 

FreightWaves’ Detroit Bureau Chief Alan Adler contributed to this report. 

Read more

Navistar hit by cyberattack but ‘minimizing potential impact’ – FreightWaves
Why a trucking company called a lawyer minutes after a ransomware attack
How does a ransomware attack work?

Click for more FreightWaves articles by Nate Tabak