Hacker Allegedly Selling Pak Suzuki Corporate Data on Dark Web

About a week ago, it was revealed that a malicious threat actor attacked the Pak Suzuki Motor Company Limited (PSMC) server and managed to steal its corporate data. In a new revelation, a source said that the threat actor had allegedly auctioned off corporate data for sale on the dark web. The entire data is 447.5 GB (without compression) and comprises accounting, HR/employee, finance, IT, compliance, and administrative documents.

In a message to the Pakistan Stock Exchange today, Pak Suzuki Motor Company Limited said,

“On April 9, 2024, we came to know that our corporate data had been leaked due to a cyber-attack. Initial investigations suggest that data related to HR, Financials, etc., from the server, has been ported out to public IP.”

On the other hand, according to the threat actor’s message, the compromised data allegedly offers source codes of IT apps, executives’ e-mail boxes (PST), SAP & ERP, internal databases, VoIP records (March 2024), passports, salary and tax-related documents, and contracts with other companies, information on the computers of critical people in the company (CEO, CFO, IT managers, directors, etc.). Furthermore, it claimed to have about 37 GB of data from Suzuki’s main office in Japan.

This development comes after the vehicle manufacturer recently revealed that it was delisting from PSX. In Feb 2024, PSMC began the share purchase offer (SPA) to sell 22.14 million shares at PKR 609 per share and effectively delist.