Autovista, a London-based automotive data and analytics firm, confirmed this week that a ransomware attack has disrupted its systems across Europe and Australia. The company, which provides vehicle valuation data to manufacturers, dealers, insurers and body shops, disclosed the incident on 15 April after customer-facing applications began experiencing widespread outages.
The attack has forced Autovista to disable several of its core applications including tools that help automotive companies monitor residual vehicle values and calculate total cost of ownership analytics. Email access for some staff has been restricted as a containment measure, according to The Register, with the company directing customers to monitor its website for updates rather than contacting their usual representatives.
JD Power Acquisition Makes This a Larger Target
The breach is more significant than it appears because JD Power acquired Autovista Group in 2024. The acquisition brought together Autovista’s UK operations with established European brands including Glass’s, Eurotax, Rødboka and Schwacke, each providing vehicle data services in different markets. All brands’ websites now link to the same security advisory indicating the attack’s scope extends beyond Autovista’s direct operations.
Autovista’s applications serve a critical function in automotive operations. They provide the pricing benchmarks and valuation data that dealers use for trade-ins, insurers rely on for claim settlements and manufacturers need for residual value calculations. The company’s disrupted services affect the entire automotive value chain, not just end consumers.
No Group Has Claimed Responsibility Yet
No established ransomware group has claimed responsibility for the attack, according to multiple sources. This is notable because most major ransomware operations publicise successful breaches to pressure victims into paying. The silence suggests either the attackers are still negotiating privately with Autovista or this was carried out by a less established group that lacks the infrastructure to publish claims.
Anonymous sources told The Register that some organisations have advised their staff to block emails from all Autovista Group companies and delete any executables associated with them. This precautionary response indicates concerns that the attackers may still have access to Autovista’s email systems and could use them to launch secondary attacks against customers.
Root Cause Still Unknown After Four Days
Autovista stated it does not yet know how attackers breached its systems, despite engaging external cybersecurity experts to investigate. Four days into the incident, this suggests either the attack was sophisticated enough to obscure its entry point or the investigation is still in early stages. Both scenarios are concerning for a company that handles sensitive automotive industry data.
The company’s latest update, posted 17 April, acknowledged that “this is an ongoing investigation and may take some time to complete.” It provided no timeline for service restoration, stating only that securing applications before bringing them back online is the priority. Customers expecting quick resolution will be disappointed as this language suggests weeks, not days.
References
- Autovista blames ransomware for service disruption
- Update on Disruption of Autovista Applications
- Autovista confirms ransomware attack
- Ransomware disrupts Autovista’s systems
This post is also available in:
Svenska
Related News
Booking.com Data Breach Exposes Millions as WhatsApp Scammers Strike
Booking.com confirmed Monday that hackers accessed customer reservation data in a breach that appears to have been running undetected since early April. The travel platform…
April 15, 2026 
Eurail Breach Exposes 308,777 Passport Numbers After Christmas Attack
Eurail B.V. confirmed that attackers breached its network on 26 December 2025 and stole passport numbers and personal data belonging to 308,777 travellers. The Dutch…
April 10, 2026