Eagers said a third party accessed data from the company’s servers in the cyber incident which disrupted parts of its operations across Australia and New Zealand.

“The company can now confirm that the incident involved unauthorised access to parts of the company’s IT systems by a third party which accessed some data from our servers,” Eagers told the ASX on Tuesday.

“Based on investigations to-date, the company is in the process of notifying a small number of individuals identified who may face serious risk of data misuse.

“The company is committed to providing these affected individuals with the support and assistance they need as the company works to respond to this incident.”

Eagers has not revealed the number of people whose data has been stolen.

Eagers said if it detects any further personal information has been impacted, the affected individuals will be notified.

The cyber attack, which was revealed on Wednesday, left Eagers unable to finalise the sale of some new vehicles ready for delivery, as well as impacting some of its service and parts operations.

“On detecting the incident, the company took prompt action to isolate potentially impacted systems and engaged external experts to assist with managing the company’s response to the incident,” Eagers said.

“An investigation was launched at the earliest opportunity and Eagers Automotive continues to work to determine the extent of the incident and the impact to personal information.”

The nation’s largest car dealership group said the extent of the outage resulting from the cyber incident varied across regions and business units.

Eagers on Friday said the cyber incident would impact its pre-tax profit for the 2023 year through the deferral of some transactions across the last five days of December, although the impact was not expected to be material.

The group has more than 300 dealerships across Australia in all states and territories as well as in New Zealand and owns Australia’s largest national fixed price pre-owned automotive business, easyauto123.

Eagers has annual revenue of $8.5bn and a brand portfolio which includes BMW, Jaguar, Land Rover, Nissan, MG, Skoda and Volvo.

Eagers and Yakult Australia are the latest companies to be hit with a cyber attack, with ransomware group Dragonforce claiming to have stolen 95Gb worth of data from the probiotic drink maker.

The incidents follow high-profile cyber attacks on Medibank and Optus, the latter of which resulted in the personal information of 9.8 million Australians being stolen.

Eagers said it notified the Australian and New Zealand cyber security centres about the cyber incident and was notifying the Office of the Australian Information Commissioner and the NZ Office of the Privacy Commissioner.

More Coverage

Bull market to roar again in 2024

Paulina Duran

Can Hudson turn Qantas around?

Tansy Harcourt

Megan NeilBusiness reporter

Megan Neil is a Melbourne-based digital producer and former senior business reporter for The Australian, covering financial services. She spent 20 years at national newswire Australian Associated Press in various roles including senior national journalist, finance editor and Melbourne bureau chief. Megan covered several royal commissions including the financial services inquiry.

Megan Neil

More related stories

Business

Crown hit with $55m lawsuit over fugitive tycoon’s gambling sprees

Crown is now facing the music for gambling sprees by one-time hotel mogul Michael Gu who fled overseas as his empire imploded five years ago.

Read more

Companies

How does Macquarie regain its magic touch?

Shemara Wikramanayake’s investment bank these days is looking more like a reserve grader. But don’t write it off just yet.

Read more