Branhaven Motors Data Breach Affects 11,774 Customers

On April 30, 2025, Branhaven Motors, a family-owned car dealership in Branford, Connecticut, discovered a data breach impacting its network. The breach was the result of a ransomware attack orchestrated by the group known as BLACK SUIT. According to public disclosures and dark web postings, the attackers claimed to have accessed and exfiltrated over 50 GB of sensitive data, including user data, business records, employee information, and financial documents. The incident occurred between September 9 and September 10, 2024, but was not disclosed until months later.

A total of 11,774 individuals in the United States were affected by this breach including 4 Maine residents and 53 Massachusetts residents as detailed in filings with the Maine Attorney General’s office and the Massachusetts Attorney General’s office. Branhaven also notified the Vermont Attorney General’s office.

The information exposed in this incident includes personally identifiable information (PII) such as full names, Social Security numbers, and driver’s license numbers.

The attackers posted about the breach on the dark web on October 2, 2024, threatening to publish the stolen data within 48 hours if their demands were not met. The breach was officially disclosed to authorities in May 2025, and written notices were sent to affected consumers on May 20, 2025.

Branhaven Motors' response

Upon discovering the breach, Branhaven Motors launched a prompt and thorough investigation with the help of external cybersecurity professionals. The company conducted an extensive forensic review to determine the scope of the incident and identify the affected individuals. Written notifications were sent to all impacted consumers, providing detailed instructions on steps to protect their personal information.

Branhaven Motors has advised affected individuals to remain vigilant by regularly monitoring their financial account statements and credit reports for any signs of fraudulent activity. The company’s notice includes guidance on placing a fraud alert or security freeze on credit files, as well as information on how to obtain free credit reports. Contact information for the three major credit bureaus—Equifax, Experian, and TransUnion—was provided to assist consumers in taking these protective measures.

Given the nature and severity of the breach, it is especially important for those affected to:

• Place a fraud alert on their credit files.
• Consider placing a security freeze on their credit reports.
• Obtain and review free credit reports for unauthorized activity.
• Report any suspicious activity to law enforcement and the Federal Trade Commission.

Branhaven Motors has also established a dedicated, confidential toll-free response line for individuals seeking more information or assistance regarding the breach.