Owned and operating out of Virginia, Berglund Management is an auto service organization specializing in sales. Doing business as Berglund Automotive, they offer comprehensive auto services, a massive vehicle selection, and professional solutions for every driver. However, the community’s trust in them may waiver in the coming weeks. They’ve been the target of a cybersecurity event.
It is unclear how the assailants made the attack possible or what their motivations may have been. Berglund describes the event as “unauthorized activity” within its network. There isn’t much else public about the incident; this may indicate ongoing investigations or an inability to further comment on the circumstances.
There is conflicting information about the timeline of the breach. The filing published with the Maine Attorney General’s office suggests the event happened around May 10th, 2023; the consumer notice, however, suggests this was the day officials discovered the event. Conversely, the Maine filing states the event was discovered in late October—whereas the notice says this was when internal investigations concluded. Regardless of the conflicting timelines, one date is concrete: November 22nd, the day officials began notifying parties.
Berglund has not indicated who the impacted parties may be; however, the impact figure is significant, suggesting consumers. Those with accounts associated with Berglund or who have purchased vehicle services from them may also be at risk.
According to the Maine Attorney General’s website, 51,514 records were accessed or stolen in the attack. Those with data involved in the breach should receive their notices in the mail sometime in the following two weeks.