BMW France claimed as Play ransomware victim

BMW France has been named on a dark-web blog that crooks use to publicize their latest victims. The company said it’s investigating the case.

Play ransomware claims to have breached BMW France on March 28, and threatens to leak the data within the next two weeks if the company doesn’t pay up.

Attackers claim they have stolen private and personal confidential data, contracts, financial information, and client documents. The volume of the exposed dataset is unknown.

BMW Group told Cybernews the company’s experts are “investigating the case.


“BMW Group experts are currently investigating the case and have not identified any system intrusions within the BMW Group at this time. We take the security of our data and the privacy of our customers very seriously,” the company’s spokesperson said.

BMW Group insisted the company will continue to investigate the matter.

“As the investigation is ongoing, we are unable to provide further details on the incident or the systems and data affected at this time. However, we will provide regular updates as more information becomes available,” BMW’s representative explained.

Usually, organizations appear on a ransomware gang’s site after threat actors have breached a company and stolen its data. Play ransomware employs double-extortion tactics to muscle victims into meeting its demands.

Cybercriminals that use this model often publish stolen data bit by bit, expecting victims to succumb to internal and external pressure.

Play ransomware is a relative newcomer to the game, first spotted in June 2022, and described as being inspired by Hive, another such gang that reportedly recently folded. According to the dark-web monitoring platform, DarkFeed, it has so far victimized 67 organizations.

However, during its young lifespan, the gang has already managed to cause a lot of damage. Most notably, Play was behind the crippling attacks against the city of Oakland, California.


BMW France is the commercial subsidiary of BMW Group France. The company is responsible for “the import, marketing, and promotion of vehicles, spare parts, and accessories through its exclusive network of dealerships.” BMW France boasts a 400-strong staff.


p style=”padding: 0px;line-height: var(–content-line-height);font-family: roboto, -apple-system, blinkmacsystemfont, ‘Segoe UI’, oxygen-sans, ubuntu, cantarell, ‘Helvetica Neue’, sans-serif;color: #3e4348;margin: var(–space-m) 0px 0px 0px”>BMW Group is a German automaker, one of the largest companies in its sector worldwide. The company earned over $16 billion in 2021, shipping over 2.5 million vehicles globally, and employs close to 120,000 people.


In February 2023, Cybernews researchers discovered an unprotected environment (.env) and .git configuration files hosted on the official BMW Italy website. Environment files (.env), meant to be stored locally, included data on production and development environments.

Researchers noted that while this information is not enough for threat actors to compromise the website, they could be used for reconnaissance – covertly discovering and collecting information about a system.

Updated with BMW Group’s reply on 4 PM GMT, March 29.

Customer Reviews


    Leave a Reply

    Thanks for submitting your comment!

    This site uses Akismet to reduce spam. Learn how your comment data is processed.