8:00 am, January 23, 2023
Hackers who targeted Arnold Clark are demanding that the dealer group pay a multi-million-pound ransom or else face a massive upload of leaked customer data.
According to yesterday’s Mail on Sunday, the cyber attackers have already released 15 gigabytes in one go. Now they’re threatening to post another 467 gigabytes of sensitive customer information.
The report says cyber criminal gang Play has already put customer information such as National Insurance numbers, passports and addresses on the dark web.
The newspaper claims to have seen some of the sensitive customer data, such as copies of bank statements.
Tens of thousands of people could be at risk of having their details used in identity fraud, a cybercrime expert has claimed.
The attack on the Glasgow-headquartered number 1 Car Dealer Top 100 firm was carried out just before Christmas – it was originally believed to have taken place on Christmas Eve.
Today’s Times adds that full names of customers, their home addresses, dates of birth, phone numbers, email addresses, copies of finance deals plus insurance certificates were also among the data haul.
Private motorists and corporate customers are listed, along with company-wide schemes that list named drivers.
It’s believed the hackers want the ransom paid in cryptocurrency.
The Times quoted cybercrime expert and ex-military intelligence officer Philip Ingram as saying: ‘There could be tens of thousands of people at much greater risk of having their personal details used by criminals for identity theft and fraud.’
An Arnold Clark spokeswoman told Car Dealer today: ‘We are continuing our investigations into the incident on 23rd December as a priority, alongside our external cyber security partners.
‘We take the security and safety of our customer data very seriously and accurate identification of any potential compromise of that data remains our primary focus.
‘Once we have a full picture of all the data that is potentially compromised, we will be contacting our customers to make them aware.
‘We will continue to take all necessary actions to minimise any impact to our customers and third-party partners.’
The spokeswoman added: ‘We are liaising with the relevant regulatory authorities over this incident, especially the ICO [Information Commissioner’s Office] and the police.
‘During this incident, we did voluntarily disconnect our corporate network to protect our customers, third-party partners and our systems.
‘This has inevitably resulted in some operational difficulties, and our IT security team, in conjunction with our external security partners, are restoring a new segregated corporate network in a secure environment.
‘This has meant our systems are not yet back to 100 per cent functionality and we apologise for any inconvenience this may be causing our customers.’
The Times quoted Det Insp Norman Stevenson, of Police Scotland’s cyberinvestigations unit, as saying: ‘Our inquiries are ongoing and we are working closely with the business.’
The Mail on Sunday quoted an ICO spokesperson as saying: ‘Arnold Clark made us aware of an incident and we are making inquiries.’
Last October, Pendragon was also hit with a cyber attack. Those hackers – another group – threatened to release the data too but never did. Pendragon refused to pay the ransom.
Firms that suffer data breaches face being fined millions by the ICO.
Car Dealer Live – the future of the car dealer – exclusive conference features talks from leading car dealers, Google and Auto Trader among much more. Find out the full event details and book tickets.
