D'Ambrosio Dodge Data Breach Exposes Sensitive Personal Information

D'Ambrosio Dodge Inc., an automotive dealership in Downingtown, Pennsylvania, has disclosed a data breach that may have affected the personal information of its customers and employees.

On Nov. 24, 2025, D'Ambrosio Dodge was alerted to unusual activity involving its computer systems. In response, the company launched an investigation and took secured its systems. A third-party forensic firm was also engaged to assist with the investigation.

On Dec. 12, 2025, a ransomware group known as Qilin posted on the Tor network claiming to have obtained data belonging to the Jeff D'Ambrosio Auto Group.

The forensic investigation reached a key finding on Jan. 21, 2026, when investigators determined which files were likely impacted by the incident.

A more detailed review of those files was completed nearly two months later, on March 16, 2026, which confirmed that the affected files may have included personal information belonging to certain individuals. According to the company's notification, those affected may include both customers and employees of the dealership.

The types of information exposed in the breach included names, addresses and government ID numbers.

On May 5, 2026, the company disclosed the breach to the attorneys general of Maine and Vermont.

The total number of individuals affected across the United States was not disclosed in the regulatory filing. D'Ambrosio Dodge notified affected consumers through written letters on May 5, 2026.

D'Ambrosio Dodge's response to the breach

D'Ambrosio Dodge is offering free identity theft protection services through IDX. These services include credit monitoring and CyberScan monitoring, a $1,000,000 insurance reimbursement policy and fully managed identity theft recovery services.

The duration of monitoring coverage varies by individual, with either 12 or 24 months of protection provided.

Affected individuals can enroll in the free identity protection services by calling 1-833-788-9712, visiting the IDX enrollment page. IDX representatives are available to answer questions Monday through Friday from 9 a.m. to 9 p.m. Eastern Time. The deadline to enroll in these services is Aug. 5, 2026.

The company also encouraged affected individuals to remain vigilant and to contact their financial institution if they notice any unauthorized charges or suspicious activity on their accounts.

Steps to take if your information was exposed

• Review account statements and credit reports regularly for any unfamiliar or unauthorized activity, and request free credit reports at AnnualCreditReport.com.
• Place a fraud alert with one of the three major credit bureaus (Equifax at 1-866-349-5191, Experian at 1-888-397-3742 or TransUnion at 1-800-680-7289), which will automatically notify the other two bureaus.
• Consider placing a security freeze on credit files to prevent anyone from opening new accounts using stolen personal information.
• Watch for phishing attempts that reference D'Ambrosio Dodge or this data breach by name, as scammers often exploit breach notifications to trick people into sharing more personal details.
• Report suspected identity theft to local law enforcement and file a complaint with the Federal Trade Commission at IdentityTheft.gov, as a police report may be needed to dispute fraudulent activity.