Ransomware victim disclosure
← All victimsDrive & Shine
Claimed by Lynx · listed 11 months ago
Status timeline
- ListedAug 9, 2025
- Data leakeddate unknown
At a glance
- Group
- Lynx
- Status
- Data leaked
- Country
- United States
- Sector
- Consumer Services
- Listed on leak site
- Aug 9, 2025
About the victim
AI dossier — public-source company profileDrive & Shine is a regional car wash and automotive service provider operating in Michigan and Indiana. They offer express car washes, interior cleaning, detailing, oil changes, and VIP membership services, emphasizing eco-friendly cleaning methods and convenience for both individual and fleet customers.
- Industry
- Car Wash & Automotive Services
Attack summary
Severity: medium — Data has been published (confirmed disclosure status), but the leak post excerpt does not specify what data types were exfiltrated, proof volume, or scale. Car wash/automotive service companies typically hold customer PII (names, addresses, payment info) and possibly vehicle details, warranting medium severity in the absence of more granular claims.The Lynx group claims to have breached Drive & Shine and published exfiltrated data. The specific data stolen and operational impact are not detailed in the available leak post excerpt.
What the group claims
Drive & Shine is a premier car care service that offers express car washes, interior cleaning, detailing, and oil changes at locations in Michigan and Indiana. The company prides itself on using eco-friendly cleaning methods, including biodegradable soaps and advanced foam equipment, to ensure vehicles are cleaned without harsh chemicals. With a focus on convenience, they provide quick and easy services, including a VIP membership for unlimited washes and access to heated cleaning facilities. Drive & Shine caters to individual car owners as well as fleet services, prioritizing customer satisfaction and vehicle maintenance.
Sources
Source
Indexed 11 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

