A recent ransomware attack on Motility Software Solutions, a provider of dealer management software, has resulted in a massive data breach affecting 766,000 customers. Motility’s software is widely used by over 7,000 dealerships across the United States, including those in the automotive, powersports, marine, heavy-duty, and RV retail sectors. The company first detected unusual activity on August 19, 2025, when hackers deployed malware to encrypt some of their systems. A subsequent investigation revealed that, in addition to locking down files, the attackers also stole a significant amount of customer information.
The breach exposed a wide range of personal information, with the types of data varying for each individual. The stolen files may contain customers’ full names, postal addresses, email addresses, telephone numbers, and dates of birth. For some, even more sensitive data was compromised, including their Social Security numbers and driver’s license numbers. The company has acknowledged that the attackers may have removed files containing this personal data and has since implemented additional security measures to prevent future incidents.
Following the discovery of the attack, Motility worked to restore its systems from backups and conduct a thorough investigation into the incident. While it remains unclear if the company paid the ransom, it has taken steps to monitor the dark web for any signs of the stolen data surfacing. The company has stated that it has no evidence that the information has been misused yet but is urging all impacted individuals to take proactive measures to protect themselves.
To assist those affected, Motility is providing a year of free identity monitoring services through LifeLock. Impacted customers have until December 19 to enroll in the service using a unique activation code provided by the company. This service is designed to help individuals detect any fraudulent activity that may arise from the stolen data.
In addition to the free monitoring service, Motility is recommending that customers remain vigilant and take personal protective actions. The company advises individuals to closely monitor their credit reports for any suspicious activity and to consider placing fraud alerts or a credit freeze on their files. While no ransomware group has yet claimed responsibility for the attack, these measures can help mitigate the potential risks associated with the data breach.
Reference: