Peruzzi Auto Group Data Breach

What Happened in the Peruzzi Auto Group Data Breach?
According to Peruzzi Buick GMC, unauthorized access to its computer network occurred on or about February 27, 2025. The incident has been identified as a ransomware attack attributed to the cybercriminal group known as Qilin.
Shortly after the intrusion, the ransomware group reportedly claimed responsibility for the attack and stated that it had obtained approximately 60 GB of company data. The group also published sample screenshots on its leak site and threatened to release the stolen information publicly.
After discovering the incident, Peruzzi Auto Group secured its network and engaged experienced third-party cybersecurity professionals to conduct a comprehensive forensic investigation. The company also performed a detailed manual review of affected files to determine whether personal information had been compromised.
On June 22, 2026, the investigation concluded that certain impacted files contained sensitive personal information belonging to affected individuals.
Notification letters were subsequently mailed to affected individuals, and the breach was publicly disclosed on June 30, 2026.
Who was affected?
The breach may affect customers, employees, and other individuals whose personal information was stored within Peruzzi Auto Group’s network before the cybersecurity incident occurred.
Anyone who received a notification letter from Peruzzi Auto Group should carefully review the letter to determine what categories of personal information may have been impacted.
At the time of publication, the total number of affected individuals has not been publicly disclosed.
What Information Was Potentially Exposed?
According to the company’s notification, the information potentially exposed during the cybersecurity incident may include:
- Full names
- Social Security numbers
- Driver’s license numbers
- Government-issued identification information
- Health records
- Protected health information (PHI)
The specific information affected may differ from person to person.
Because the exposed information includes both financial identifiers and health-related information, affected individuals could face long-term risks of identity theft, financial fraud, medical identity theft, and social engineering attacks.
What is the company doing?
After learning of the unauthorized access, Peruzzi Auto Group stated that it immediately began an investigation and secured its network to prevent further unauthorized activity.
The company retained external cybersecurity professionals to assist with the forensic investigation and to review affected files. Once investigators confirmed that personal information had been involved, Peruzzi Auto Group began notifying affected individuals.
The company is also offering complimentary membership in Experian IdentityWorks, an identity protection service designed to help monitor personal information for signs of misuse.
According to the notification letter, Experian IdentityWorks includes identity monitoring and support services intended to assist individuals in detecting and responding to potential identity theft.
Additionally, the notification encourages affected individuals to remain vigilant by monitoring financial accounts, reviewing credit reports, and reporting any suspicious activity immediately.
What Should Affected Individuals Do?
If you received a notification letter regarding the Peruzzi Auto Group data breach, consider taking the following precautions to help protect your personal information.
Monitor Your Credit Reports
Review your credit reports regularly for unfamiliar accounts or unauthorized inquiries.
Consumers are entitled to free credit reports through AnnualCreditReport.com.
Consider Placing a Fraud Alert or Credit Freeze
Because Social Security numbers and driver’s license information may have been exposed, placing a fraud alert or credit freeze with the nationwide credit bureaus can help reduce the risk of identity theft.
Monitor Healthcare Records
Since health information may also have been compromised, affected individuals should review insurance statements and medical records for unfamiliar claims or services.
Be Alert for Phishing Attempts
Cybercriminals frequently use information obtained through data breaches to send convincing phishing emails, phone calls, and text messages. Be cautious when responding to unsolicited communications requesting personal information.
Enroll in Complimentary Identity Protection
Eligible individuals should consider enrolling in the complimentary Experian IdentityWorks services offered by Peruzzi Auto Group before the enrollment deadline listed in their notification letter.