The company, previously known as Systems 2000 (Sys2K), serves over 7,000 dealerships across the automotive, marine, powersports, heavy-duty, and RV retail industries. Its suite of software tools supports operations such as CRM, sales, accounting, inventory tracking, fleet management, rentals, and mobile dashboard access.
According to a data breach notification filed with the Office of the Maine Attorney General, the cyberattack occurred on August 19, 2025. During the incident, hackers infiltrated Motility’s systems, stole sensitive data, and later encrypted parts of its servers to disrupt operations.
“On or about August 19, 2025, we detected unusual activity within certain computer servers that support our business operations,” the notification to affected users stated. “An investigation determined that an unauthorized actor deployed malware that encrypted a portion of our systems.”
Motility revealed that forensic analysis suggests the attackers may have exfiltrated limited customer data before encryption. The information potentially exposed varies by individual and may include:
-
Full name
-
Physical address
-
Email address
-
Phone number
-
Date of birth
-
Social Security number (SSN)
-
Driver’s license number
Following the incident, the company initiated an internal investigation, enhanced its cybersecurity defenses, and restored affected systems using backups. While it remains unclear whether Motility communicated with the attackers, the company has implemented dark web monitoring to detect any leaks of stolen data online.
Currently, no ransomware group has claimed responsibility for the breach. Motility stated that there is no evidence of data misuse at this time but encouraged customers to remain vigilant and take protective steps such as credit monitoring, fraud alerts, and credit freezes.
As part of its response, Motility is offering one year of free identity monitoring through LifeLock, with enrollment available until December 19, 2025, using a personalized activation code.