Credit reports for a few thousand customers of Audi Ontario and Porsche Ontario dealerships were dumped by ransomware threat actors who claim they locked Walter’s Automotive Group and exfiltrated data, but Walter’s would not respond to them. More than 22,000 driver’s license images were also in the data dump. If you bought an Audi or a Porsche from Audi Ontario or Porsche Ontario in California — or didn’t buy one but had just applied for credit for one of the two dealerships — your personal details and credit report may now be freely available on the dark web. Threat actors known as Vice Society recently claimed to have locked and exfiltrated data from Walter’s Automotive Group. Walter’s owns Audio Ontario and Porsche Ontario, as well as Porsche Riverside, Walter’s Mercedes-Benz, Walter’s Audi, and Walter’s Sprinter. According to a Vice Society spokesperson’s statement to Datahacks.net, Walter’s did not respond to their contact to initiate a ransom demand. As a result, Vice Society dumped the data that they had exfiltrated during the attack. In one folder alone, Datahacks.net found more than 21,000 images of driver’s licenses. The image files were date-stamped between May of 2018 and May of 2021. Another folder contained almost 4,400 files related to customer credit applications for customers of Audi Ontario. These did not all represent unique customers, as for each customer, there was often two or three files. The date stamps on these were between January 2017 and June, 2021. The applications and completed reports contain the applicant’s name, date of birth, current address, SSN, phone number, email address, current and past employers, past addresses, salary information, and credit history including FICO score, loan balances, etc. Another folder under Audi Ontario contained almost 200 driver’s license images. Credit applications for some Porsche Ontario customers or potential customers were also found in the dump. There were more than 1,000 files, but again, that is not the number of unique customers. Most of the credit report applications and reports are within the last year. There was also a file with more than 1,000 driver’s license images. Neither Audi Ontario, Porsche Ontario, or Walter’s Automotive Group replied to multiple inquiries sent to them this past weekend via web site contact forms as well as email to the automotive group’s IT department. Datahacks.net sent email inquiries tonight to a few recent customers of Audi Ontario. One already replied, and informed this site that he has not been notified by Walter’s or the dealership of any data theft or incident. If the dealerships or Walter’s responds to this site’s inquiries, this post will be updated.