Ransomware: ransomhouse claims Karl Chevrolet (US) — Consumer Services

On 29 April 2026, a ransomware group known as RansomHouse publicly claimed responsibility for a cyberattack against Karl Chevrolet, a US-based automotive dealership in the consumer services sector. The claim was published on the ransomware.live monitoring platform, indicating that the group has exfiltrated data and is threatening to release it unless a ransom is paid. This incident falls under the BREACH framework, which typically involves unauthorized access and data disclosure.

Organizations in the automotive retail and broader consumer services sectors are directly affected, particularly those handling customer financial and personal data. However, any EU entity with US subsidiaries or third-party relationships in these sectors should assess potential cross-border data exposure risks. The incident underscores that ransomware groups continue to target smaller, less-resourced firms in non-critical infrastructure sectors.

Compliance teams should immediately review their incident response plans to ensure they cover ransomware and data exfiltration scenarios. Verify that data breach notification obligations under GDPR are triggered if EU personal data is involved, and confirm that contracts with US partners include clear breach reporting timelines. Finally, conduct a tabletop exercise simulating a ransomware extortion demand to test decision-making and communication protocols.