BMW

Summary

BMW confirmed a third-party cyber incident on 14 September 2025 after the Everest ransomware group claimed to have accessed critical BMW audit documents through a breach of US supplier Change2Target. The attackers exfiltrated approximately 600,000 lines of sensitive internal data including internal quality management documents and safety-related audit materials. BMW's own infrastructure was not directly compromised.

What Happened

On 14 September 2025, the Everest ransomware group posted a leak claiming to have accessed critical BMW audit documents. BMW subsequently confirmed that a data breach had occurred at Change2Target, a third-party service provider in the United States. The Everest ransomware group exfiltrated approximately 600,000 lines of sensitive internal data from the supplier. The compromised information included internal quality management documents and safety-related audit materials used by BMW.

Impact on Individuals

The breach primarily affected BMW's corporate operations rather than individual customers. The stolen data consisted of internal quality management documents and safety audit materials, representing sensitive business intelligence about BMW's quality control processes and safety standards. No customer personal information was reported as compromised.

Organisational Response

BMW confirmed the third-party breach and clarified that its own infrastructure was not directly compromised. As a precautionary measure, the company blocked access to affected accounts and conducted extensive security checks. BMW emphasised that the incident was isolated to the US-based third-party service provider Change2Target and did not result from a direct attack on BMW systems.