Cybercriminals have reportedly targeted Harley-Davidson during the Christmas season, with RedHotCyber (RHC) indicating that over 66,000 customer records might have been exposed.
The attack is reportedly linked to the 888 group, which is said to have shared a sample of the compromised data on an online forum. According to RHC, the data sample reveals customer information that could only have been obtained from the company’s internal IT systems or from a third-party vendor.
While both of those previous incidents involved employee data, the breach at Harley-Davidson carries heightened significance, primarily due to the nature of the information compromised, which pertains to customers rather than employees, and the scale of the breach.
The specific details of the compromised data have not yet been disclosed. In fact, Harley-Davidson has not confirmed that the data theft has occurred. However, RHC suggests that such an attack could reveal names, addresses, and possibly details related to the customers’ motorcycle purchases. This is particularly concerning as Harley-Davidson operates not just as a motorcycle and apparel manufacturer, but also provides financial services, meaning customers’ sensitive financial information could also be at risk.