Phil Smith Automotive Data Breach Affects 12,274 People

Florida-based, Phil Smith Automotive Group, disclosed a data breach that exposed sensitive information belonging to over twelve thousand people. The breach was the result of a ransomware attack that occurred in early February 2025, impacting the company’s information technology systems.

According to a disclosure filed with the Maine attorney general, the breach affected a total of 12,274 individuals in the United States.

The attack was discovered on June 10, 2025, when Phil Smith Automotive Group detected unauthorized activity within their IT environment. An investigation revealed that the attackers had gained access to personal information, including names, Social Security numbers and driver’s license or state-issued identification numbers.

The breach was officially disclosed to state authorities on July 31, 2025, as detailed in the notices to the Maine Attorney General, Massachusetts Attorney General, and the New Hampshire Attorney General. Written notifications to affected individuals began the same day.

Phil Smith Automotive Group's response

In response to the ransomware attack, Phil Smith Automotive Group notified federal law enforcement, including the FBI, and engaged leading cybersecurity experts to investigate the incident and strengthen their security posture. As part of their ongoing response, Phil Smith Automotive Group has installed monitoring devices on their IT systems to detect suspicious activity and is working to implement additional safeguards.

For individuals whose information was potentially exposed, the company is offering two years of complimentary credit protection and monitoring services through Cyberscout. Affected individuals are encouraged to enroll in these services within 90 days of receiving their notification letter. The credit monitoring service provides alerts for 24 months from the date of enrollment, helping individuals detect any changes to their credit file that could indicate fraudulent activity.