Data security breach image by GData security breach image by G


Car dealership group faces legal action over cyberattack that saw employees’ data hacked

  • Staff were told of ‘serious incident’ that took place last year but are said to have struggled to find out more
  • Lawyers are starting proceedings on behalf of more than 100 former and current employees
  • LSH Auto boss tells Car Dealer there was no evidence of misuse of potentially compromised data

Time 3:12 pm, March 9, 2022

LSH Auto is having legal action taken against it after allegedly keeping current and ex-staff in the dark after their data was hacked.

They were told by letter more than six months ago of a ‘serious incident’ in June 2021, but requests for more information didn’t yield anything.

Now lawyers at Hayes Connor are mounting proceedings on behalf of more than 100 former and current employees, according to Infosecurity Magazine.

The letter said the cyberattack ‘may have resulted in unauthorized access’ to personal data, and only that an ‘unknown and unauthorized individual(s)’ was or were behind it.

It was feared the hacked data could have included National Insurance numbers and bank details, which in turn might have been used for attempts at identity fraud.

However, the luxury car dealership group, which has Mercedes-Benz showrooms across the north-west of England and the Midlands, told Car Dealer today (Mar 9) that no potentially compromised data had been misused.

It added that it took action straight away to protect its systems when the breach happened, and had offered the staff free credit checks plus support via a dedicated advice line.

Hayes Connor legal director Christine Sabino was quoted by Infosecurity Magazine as saying: ‘The initial letter caused huge concern amongst those affected.

‘Being told out of the blue that your data has been breached is worrying enough, but all of those affected still don’t know which data was accessed and what might have happened to it.

‘Whether they still work for this dealership or not, every single one of our clients has a right to know exactly what went wrong here.

‘LSH owes each and every person affected an explanation for this unnecessary distress.’

She added: ‘LSH should assure the people affected that this sort of incident won’t happen again and outline what steps they have taken to protect everyone’s data for the future.’

Martyn Webb, managing director of LSH Auto UK, told Car Dealer: ‘In June 2021, LSH Auto UK was the victim of a sophisticated cyberattack contained to its UK business.

‘We take the security of our systems and data extremely seriously, and so we immediately took action to protect our systems and engaged forensic specialists to investigate the incident.

‘We took immediate steps to protect our employees and communicate with them, offering all current and former employees support through a dedicated advice helpline and free credit checks.

Win two tickets to Car Dealer Live

Car Dealer is conducting a short five-question survey on your thoughts on finance provider Black Horse.

To win two tickets to next week’s Car Dealer Live event simply answer the questions and provide your name and email address. The draw will take place on March 5.

Fill in the survey here.

‘Our investigations concluded that there was no evidence that any potentially compromised data had been misused, and the Information Commissioner’s Office subsequently confirmed that it would not be taking any further action.

‘We are sorry this happened and the uncertainty that it caused. We take such matters seriously, and have and continue to take all necessary steps to protect against cyberattacks.’

John Bowman's avatar

John has been with Car Dealer since 2013 after spending 25 years in the newspaper industry as a reporter then a sub-editor/assistant chief sub-editor on regional and national titles. John is chief sub-editor in the editorial department, working on Car Dealer, as well as handling social media.

More stories...

Server 108