Ransomware victim disclosure
← All victimsDAT AUTOHUS AG
Claimed by Everest · listed 11 months ago
Status timeline
- ListedAug 15, 2025
- Data leakeddate unknown
At a glance
About the victim
AI dossier — public-source company profileDAT AUTOHUS AG is one of Europe's largest used car dealers, operating two locations with over 130,000 square meters of showroom space. The company sells approximately 300,000 vehicles annually and maintains an inventory of up to 3,000 cars, offering financing, warranty packages, and related automotive services.
- Industry
- Used Car Sales & Automotive Retail
- Address
- Bockel, Germany
Attack summary
Severity: medium — Data has been published by the group and the victim is a large automotive retailer handling customer PII and financial information at scale, but the leak post excerpt provides no detail on proof files, data volume, or specific data types, limiting confidence in impact assessment.Everest group claims to have compromised DAT AUTOHUS AG systems and published data. The leak post provides minimal detail on the scope or nature of exfiltrated data.
Data the group says was taken
AI dossier — extracted from the leak post- customer personal data
- transaction records
- vehicle sales information
- potentially financial/financing details
Original description
AI-summarised, not from the leak postDAT AUTOHUS AG is a Germany-based company that specializes in the sale of new and used vehicles. It offers a wide array of cars, including compact cars, sedans, SUVs, sports cars, and commercial vehicles from various brands. The company also provides services such as financing, leasing, insurance, and car maintenance and repair. It's located in Bockel, Gyhum, Germany.
The leak post
captured from the group's siteEverest Group Everest Group News About the project Жалоба © 2026, All rights reserved ☀ ☾
Sources
Source
Indexed 11 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

