LSH Auto is having legal action taken against it after allegedly keeping current and ex-staff in the dark after their data was hacked.
They were told by letter more than six months ago of a ‘serious incident’ in June 2021, but requests for more information didn’t yield anything.
Now lawyers at Hayes Connor are mounting proceedings on behalf of more than 100 former and current employees, according to Infosecurity Magazine.
The letter said the cyberattack ‘may have resulted in unauthorized access’ to personal data, and only that an ‘unknown and unauthorized individual(s)’ was or were behind it.
It was feared the hacked data could have included National Insurance numbers and bank details, which in turn might have been used for attempts at identity fraud.
However, the luxury car dealership group, which has Mercedes-Benz showrooms across the north-west of England and the Midlands, told Car Dealer today (Mar 9) that no potentially compromised data had been misused.
It added that it took action straight away to protect its systems when the breach happened, and had offered the staff free credit checks plus support via a dedicated advice line.
Hayes Connor legal director Christine Sabino was quoted by Infosecurity Magazine as saying: ‘The initial letter caused huge concern amongst those affected.
‘Being told out of the blue that your data has been breached is worrying enough, but all of those affected still don’t know which data was accessed and what might have happened to it.
‘Whether they still work for this dealership or not, every single one of our clients has a right to know exactly what went wrong here.
‘LSH owes each and every person affected an explanation for this unnecessary distress.’
She added: ‘LSH should assure the people affected that this sort of incident won’t happen again and outline what steps they have taken to protect everyone’s data for the future.’
Martyn Webb, managing director of LSH Auto UK, told Car Dealer: ‘In June 2021, LSH Auto UK was the victim of a sophisticated cyberattack contained to its UK business.
‘We take the security of our systems and data extremely seriously, and so we immediately took action to protect our systems and engaged forensic specialists to investigate the incident.
‘We took immediate steps to protect our employees and communicate with them, offering all current and former employees support through a dedicated advice helpline and free credit checks.
‘Our investigations concluded that there was no evidence that any potentially compromised data had been misused, and the Information Commissioner’s Office subsequently confirmed that it would not be taking any further action.
‘We are sorry this happened and the uncertainty that it caused. We take such matters seriously, and have and continue to take all necessary steps to protect against cyberattacks.’