Automotive data and analytics provider Autovista has confirmed a ransomware incident disrupting its applications across Europe and Australia. The London-headquartered firm, owned by JD Power since 2024, issued a public service update on Wednesday, April 15, 2026, acknowledging it has engaged third-party experts to contain the attack. Some customer organizations have reportedly told staff to block inbound email from Autovista as a precaution, and the company has pulled email access for some staff, leaving usual contact channels unreachable.
What Happened
Autovista detected a ransomware infection affecting systems supporting its core data-driven applications, used by automotive manufacturers, dealers, body shops, insurers, telematics firms, and professional services clients. The company published a service update at autovista.com/service-update-1 confirming the attack is in its early stages and that no firm restoration timeline is available. Outside incident response specialists have been called in to assist with containment, root cause analysis, and recovery. Email access has been suspended for some Autovista staff, and the company has provided an alternate Autovista Group email address for urgent customer queries. The corporate website itself remains online.
What Was Taken
Autovista has not disclosed any data theft at this stage, and the investigation remains in its early phase. The company has not confirmed whether the threat actors exfiltrated customer data, vehicle valuation datasets, or internal records prior to deploying ransomware. Given Autovista's position as a vendor handling residual value data, total cost of ownership analytics, and vehicle specification and repair information across brands including Eurotax, Glass's, Rødboka, and Schwacke, any data loss could carry implications for downstream automotive, insurance, and telematics customers. No ransomware group has publicly claimed responsibility as of the source reporting.
Why It Matters
Autovista sits at the heart of European and Australian automotive pricing and analytics workflows. Outages directly impact insurers calculating settlements, dealers pricing trade-ins, manufacturers tracking residual values, and body shops sourcing repair data. The customer reaction of blocking inbound email illustrates a maturing supply chain defensive posture: downstream organizations are treating a compromised vendor's mail flow as a potential phishing or malware delivery channel until the incident is contained. For JD Power, which acquired Autovista Group in 2024, the incident underscores the integration risk of consolidating multiple regional vehicle data brands under one operational footprint.
The Attack Technique
Autovista has stated it does not yet know how attackers breached its systems, citing the early stage of the investigation. Third-party forensic experts are working to establish initial access, lateral movement, and the ransomware variant deployed. No indicators of compromise, ransomware family, or threat actor attribution have been published. The decision to revoke email access for affected staff is consistent with a containment posture that assumes credential compromise and the potential for business email compromise follow-on activity from attacker-controlled mailboxes.
What Organizations Should Do
- Block or quarantine inbound email from Autovista domains until the company confirms its mail infrastructure is clean, mirroring the precaution already adopted by some customers.
- Review any Autovista API integrations, data feeds, or SSO trust relationships and consider temporarily disabling or rate-limiting them pending vendor confirmation of containment.
- Hunt for anomalous authentication, OAuth grants, or outbound connections to or from Autovista-related infrastructure across the past 30 days.
- Brief staff that legitimate Autovista communications may now arrive from an alternate Autovista Group email address, and warn against unverified password reset or invoice messages purporting to come from the vendor.
- Pull contingency plans for vehicle valuation, residual value, and TCO data dependencies, including alternate data sources for time-sensitive insurance and dealer pricing workflows.
- Track Autovista's official service update page rather than relying on account managers, who may be offline due to suspended email access.
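The email precautions above can be expressed as a mail-triage rule. The following is an added example, not code from Autovista or the source article. It assumes `autovista.com` (the website domain named above) as the watched domain, uses a placeholder for the alternate address, and all sample messages are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: autovista.com is the website domain named in the article; take the
# real sending domains (including brand domains) from your own mail logs.
VENDOR_DOMAINS = {"autovista.com"}
VENDOR_NAMES = ("autovista",)
# Placeholder for the vendor's alternate address once verified out of band.
VERIFIED_ALTERNATES = {"verified-alternate@vendor-group.example"}
LURE_WORDS = ("password reset", "invoice")

def _domain(addr):
    return addr.rsplit("@", 1)[-1].rstrip(".") if "@" in addr else ""

def _is_vendor_domain(domain):
    # Match the watched domain and any subdomain, but not lookalikes.
    return any(domain == d or domain.endswith("." + d) for d in VENDOR_DOMAINS)

def triage(raw_message):
    """Return (action, reason) for one inbound message, based on its headers."""
    # Only the From header is inspected here; SPF/DKIM/DMARC results are
    # assumed to be enforced separately by the mail gateway.
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    display, addr = display.lower(), addr.lower()
    subject = msg.get("Subject", "").lower()
    if addr in VERIFIED_ALTERNATES:
        return ("deliver", "verified alternate vendor address")
    if _is_vendor_domain(_domain(addr)):
        return ("quarantine", "vendor domain during active incident")
    if any(n in display or n in addr for n in VENDOR_NAMES):
        if any(w in subject for w in LURE_WORDS):
            return ("quarantine", "vendor name, non-vendor domain, lure subject")
        return ("review", "vendor name from non-vendor domain")
    return ("deliver", "no vendor match")

# Constructed sample messages (not real traffic).
SAMPLES = {
    "vendor": "From: Valuations <noreply@mail.autovista.com>\nSubject: Weekly data feed\n\nbody",
    "alternate": "From: Support <verified-alternate@vendor-group.example>\nSubject: Status\n\nbody",
    "lure": 'From: "Autovista Accounts" <billing@payments.example>\nSubject: Overdue invoice\n\nbody',
    "name_only": 'From: "Autovista Team" <news@partner.example>\nSubject: Update\n\nbody',
    "unrelated": "From: Alice <alice@dealer.example>\nSubject: Trade-in quote\n\nbody",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, triage(raw))
```
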
Sources: Autovista blames ransomware for service disruption • The Register