Ransomware victim disclosure
← All victimsAutoCanada
Claimed by Medusa · listed 1 year ago
Status timeline
- ListedMar 23, 2025
- Data leakeddate unknown
At a glance
- Group
- Medusa
- Status
- Data leaked
- Country
- Canada
- Sector
- Consumer Services
- Listed on leak site
- Mar 23, 2025
- Data size
- 455.90 GB
- Records
- 4.041 employees
About the victim
AI dossier — public-source company profileAutoCanada is a new and used car dealer headquartered in Edmonton, Alberta, founded in 2006. The company operates retail automotive sales, parts distribution, and servicing operations with approximately 4,041 employees and annual revenue of approximately $4.6 billion.
- Industry
- Automotive Retail & Services
- Address
- 200-15511 123 Ave NW, Edmonton, Alberta, T5V 0C3, Canada
- Employees
- 4041
- Founded
- 2006
Attack summary
Severity: high — Confirmed exfiltration of 455.90 GB of data from a large, regulated automotive retailer with significant employee and customer records; data published by threat actor. Scale and sensitivity typical of automotive retail operations (customer PII, financial, vehicle records).Medusa claims to have exfiltrated 455.90 GB of data from AutoCanada. No specific details regarding encryption, operational disruption, or data categories are provided in the leak post.
Data the group says was taken
AI dossier — extracted from the leak post- business data
- operational records
What the group claims
AutoCanada, founded in 2006 and headquartered in Edmonton, Alberta, is a new and used car dealer that also provides parts and servicing. AutoCanada corporate office is located in 200-15511 123 Ave NW, Edmonton, Alberta, T5V 0C3, Canada and has 4,041 employees. Revnue: 4.6B The total amount of data leakage is 455.90 GB.
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

