Auto dealership software company Motility Software Solutions this week notified 766,670 people of an August 2025 data breach that compromised the following info:
- Names
- Social Security numbers
- Phone numbers
- Email addresses
- Dates of birth
- Driver’s license numbers
Ransomware group PEAR took credit for the breach on Motility’s parent company, Reynolds & Reynolds, saying it stole 4.3 TB of data. To prove its claim, PEAR posted images of what it says are documents stolen from Motility. They include spreadsheets of customer and employee personal info, according to PEAR.
Neither Motility nor Reynolds & Reynolds have verified PEAR’s claim. We do not know if the company paid a ransom, how much PEAR demanded, or how attackers breached Motility’s network. The company declined answering Comparitech’s questions.
“On or about August 19, 2025, we detected unusual activity within certain computer servers that support our business operations,” says Motility’s notice to victims. “An investigation determined that an unauthorized actor deployed malware that encrypted a portion of our systems. Although the malware primarily restricted our access to internal data, the forensic evidence suggests that, before encryption, the actor may have removed limited files containing customers’ personal data.
Motility is offering eligible victims 12 months of free credit monitoring and identity theft protection through Norton Lifelock. The deadline to enroll is December 19, 2025.
“Upon identification of suspicious activity on its network on August 19th, Motility took the impacted server offline to isolate the incident, investigate the cause, and conduct remediation activities,” says a news release on Reynolds & Reynolds’ website. “Reynolds’ systems and network is separate from Motility’s network and was not affected by the incident.”
Who is PEAR?
PEAR, or Pure Extraction and Ransom, is a new ransomware gang that steals and ransoms data. Unlike many other ransomware strains, it does not encrypt data. Instead, it focuses solely on data theft and extortion.
PEAR started taking credit for ransomware attacks in August 2025. Since then, it’s claimed responsibility for four confirmed ransomware attacks. It’s made another 31 unconfirmed attack claims that haven’t been acknowledged by the targeted organizations.
PEAR’s other confirmed targets include:
- Think Big Health Care Solutions reported a June 2025 data breach. PEAR says it stole 60 GB of data.
- West Chester Township, Ohio reported an August 2025 data breach. PEAR says it stole 2 TB of data.
- The Job Shop just began issuing data breach notices following a June 2025 data breach. PEAR says it stole 135 GB of data.
Ransomware attacks on US tech
Comparitech researchers have logged 16 confirmed ransomware attacks on US tech companies in 2025 to date, compromising 807,000 records.
Other such recently confirmed attacks include:
- Automated Business Solutions reported a July 2025 data breach claimed by Akira
- Insight Partners notified 12,657 people of an October 2024 ransomware attack by unknown attackers
- Minsait ACS notified 332 people of a May 2025 ransomware breach by unknown attackers
Ransomware attacks on tech companies can steal data and lock down computer systems. In PEAR’s case, it’s just the former. For a software vendor like Motility, a breach could compromise the data of client businesses, and in turn those business’ customers and staff. Data extortion forces businesses to pay a ransom for the ransomware gang to delete the stolen data. If the company doesn’t pay, then the ransomware group sells or publicly releases the data.
About Motility Software Solutions
Motility Software Solutions sells software to automotive dealerships to track repairs and manage vehicles. The company was founded in 1984 and is headquartered in Maitland, Florida. Reynolds & Reynolds acquired it in 2022. It focuses on dealers who sell RVs, buses, heavy trucks, emergency vehicles, marine vehicles, and trailers, according to its website.
