Amid growing concerns over cybersecurity, security incidents affecting the automotive and mobility industries surged by nearly 50% in the first quarter of 2025, according to recent data released by Upstream Security. Researchers tracked a staggering 148 publicly disclosed incidents in the first three months alone — a trajectory that, if it continues, could exceed the total of 409 incidents reported in 2024.
Of significant concern is the rise of ransomware attacks, which accounted for 45% of the incidents observed. A prominent case involved Tata Technologies, an India-based automotive and aerospace service provider that faced severe disruption to its IT systems. After a month of turmoil, a group named Hunters International claimed responsibility for the attack, releasing approximately 730,160 stolen company files onto the Dark Web.
With ransomware increasingly common within the automotive sector, experts warn that attackers often exploit compromised credentials to gain entry into systems. Yaniv Maimon, Upstream’s vice president of cyber services, noted that attackers could impersonate dealers or original equipment manufacturer (OEM) employees to gather sensitive data, access customer vehicle locations, and even manipulate vehicles remotely. Maimon adds that about 26% of the recorded incidents could have led to direct manipulation of vehicles on roads, heightening public safety concerns.
The broader threat landscape also reveals that 63% of the incidents were classified as data breaches or privacy-related incidents, with half posing risks of significant disruptions to services or business operations. Upstream emphasizes that many of these incidents could potentially affect millions of vehicles, reflecting a troubling trend in the industry. Additionally, the number of threat actors targeting automotive and mobility has risen dramatically from 300 to over 1,100 within the past year.