What Happened in the Peruzzi Buick GMC Data Breach?
Peruzzi Buick GMC, a Buick and GMC dealership based in Fairless Hills, Pennsylvania, has confirmed a data breach that exposed sensitive customer information. The Peruzzi Buick GMC data breach began when unauthorized actors gained access to the dealership’s computer network. As a result, thousands of people now face a heightened risk of identity theft and fraud.
According to notification filings, unauthorized access to the dealership’s network occurred on or about February 27, 2025. Just days later, on March 4, 2025, a ransomware group known as Qilin posted on the dark web claiming responsibility. The group stated it had stolen roughly 60 GB of data from the dealership and posted sample screenshots as proof. Qilin also threatened to publish all of the stolen files by March 11, 2025, if its demands were not met.
Because ransomware incidents often involve large volumes of files, determining exactly what was taken can take considerable time. In this case, the investigation into which files were affected was not completed until June 22, 2026. This was more than 15 months after the initial intrusion. The delay reflects the complexity of reviewing stolen data to identify individuals whose information was compromised.
Once the review concluded, Peruzzi Buick GMC determined that the exposed files contained personal and health-related information. The dealership then began notifying affected individuals and relevant state authorities. This timeline shows how ransomware attacks can have consequences that unfold long after the initial breach.
Who was affected?
The Peruzzi Buick GMC data breach affected 5,450 individuals, according to the company’s notifications to state attorneys general. Those impacted are likely customers of the dealership, though the notification does not specify whether employees were also included. Anyone who purchased a vehicle, financed a car, or interacted with the dealership’s service department could potentially be affected.
Peruzzi Buick GMC notified the attorneys general offices in Massachusetts, Indiana, and Vermont. This suggests the affected population extends beyond Pennsylvania and includes residents in multiple states. Because the dealership serves customers from a wide geographic area, individuals nationwide may need to check whether they received a notification letter.
The breach involved both personal and health information, which raises the stakes for affected individuals. In addition, the presence of protected health information suggests some customers may have submitted health-related documentation as part of financing or warranty processes. As a result, this breach could affect people beyond typical vehicle purchase transactions.
What Information Was Potentially Exposed?
The investigation confirmed that a specific set of sensitive data categories were exposed in the breach. This information could be used by criminals for identity theft, fraud, or other malicious purposes. Understanding what was exposed helps affected individuals take the right protective steps.
- Full names
- Social Security numbers
- Driver’s license numbers
- Health records and protected health information
Social Security numbers are among the most valuable pieces of data for criminals. With a name and Social Security number, a fraudster can open new credit accounts, file fraudulent tax returns, or apply for loans in someone else’s name. Because this type of fraud can go undetected for months, affected individuals should remain especially vigilant going forward.
The exposure of driver’s license numbers adds another layer of risk. Criminals can use this information to create fake identification documents or verify stolen identities during fraudulent transactions. Meanwhile, exposed health records could lead to medical identity theft, where someone uses stolen information to obtain medical services or prescriptions under another person’s name. This can result in inaccurate medical records and unexpected bills for the victim.
What is the company doing?
Once Peruzzi Buick GMC confirmed that personal information had been compromised, the dealership began notifying affected individuals by mail. The notification letters included instructions for enrolling in identity protection services. In addition, the company referenced identity theft prevention resources from the Federal Trade Commission to help individuals understand their options.
As part of its response, Peruzzi Buick GMC is offering a complimentary membership to Experian IdentityWorks for those affected. This service typically includes credit monitoring and identity theft detection tools. Furthermore, the dealership filed formal notifications with attorneys general offices in Massachusetts, Indiana, and Vermont, fulfilling its legal obligations under state data breach notification laws.
What Should Affected Individuals Do?
Enroll in Credit Monitoring and Review Your Credit Reports
If you received a notification letter from Peruzzi Buick GMC, consider activating the complimentary Experian IdentityWorks membership right away. This service can alert you to suspicious activity on your credit file. Because early detection often limits damage, acting quickly matters.
In addition to using the offered service, request free copies of your credit reports from all three major credit bureaus. Review them carefully for accounts or inquiries you don’t recognize. If you spot anything unusual, report it immediately to the credit bureau and consider contacting a data breach attorney for guidance.
Place a Fraud Alert or Credit Freeze
Because Social Security numbers and driver’s license numbers were exposed, placing a fraud alert or credit freeze is a smart precaution. A fraud alert requires lenders to verify your identity before opening new credit in your name. A credit freeze goes further by restricting access to your credit file entirely.
You can request a credit freeze for free with each of the three major credit bureaus: Equifax, Experian, and TransUnion. This process typically takes just a few minutes online or by phone. As a result, it significantly reduces the risk that someone could open fraudulent accounts using your stolen information.
Protect Against Medical Identity Theft
Since health records were part of the exposed data, affected individuals should watch for signs of medical identity theft. This includes reviewing statements from your health insurance provider for services you did not receive. It also means checking your medical records periodically for inaccuracies.
If you notice unfamiliar charges or unrecognized treatments on your insurance statements, contact your insurer right away. Additionally, request an accounting of disclosures from your healthcare providers to see if your information was accessed without your knowledge. Taking these steps early can help prevent long-term complications with your medical records.
Stay Alert for Phishing Attempts
After a data breach, scammers often use stolen information to craft convincing phishing emails or phone calls. Be cautious of any message claiming to be from Peruzzi Buick GMC, Experian, or a government agency asking for personal details. Legitimate organizations rarely request sensitive information through unsolicited messages.
Instead of clicking links or calling numbers provided in suspicious messages, verify the sender through official channels. For example, visit the company’s official website directly rather than using a link from an email. This simple habit can prevent you from falling victim to secondary scams tied to this breach.
More Information
Related Data Breaches
- Yorozu Automotive Data Breach Exposes Social Security Numbers and Medical Records
- Peruzzi Auto Group Data Breach Investigation: Social Security Numbers and Driver’s License Information Potentially Exposed
- OEConnection Data Breach Investigation: Social Security Numbers and Financial Information Potentially Exposed
