Arnold Clark motorstore Leeds used cars car supermarketArnold Clark motorstore Leeds used cars car supermarket


Hackers demand millions in ransom from Arnold Clark or else face massive upload of customer information to dark web

  • Tens of thousands of people said to be at risk of identity fraud after cyber attack on Arnold Clark
  • Cyber criminal gang has already released one lot of sensitive information
  • Another upload – believed to be more than 30 times bigger than the first – is being threatened
  • The hackers are demanding millions in cryptocurrency
  • Arnold Clark says it’ll contact customers once it has ‘a full picture’ of what data may have been taken

Time 8:00 am, January 23, 2023

Hackers who targeted Arnold Clark are demanding that the dealer group pay a multi-million-pound ransom or else face a massive upload of leaked customer data.

According to yesterday’s Mail on Sunday, the cyber attackers have already released 15 gigabytes in one go. Now they’re threatening to post another 467 gigabytes of sensitive customer information.

The report says cyber criminal gang Play has already put customer information such as National Insurance numbers, passports and addresses on the dark web.

The newspaper claims to have seen some of the sensitive customer data, such as copies of bank statements.

Tens of thousands of people could be at risk of having their details used in identity fraud, a cybercrime expert has claimed.

The attack on the Glasgow-headquartered number 1 Car Dealer Top 100 firm was carried out just before Christmas – it was originally believed to have taken place on Christmas Eve.

Today’s Times adds that full names of customers, their home addresses, dates of birth, phone numbers, email addresses, copies of finance deals plus insurance certificates were also among the data haul.

Private motorists and corporate customers are listed, along with company-wide schemes that list named drivers.

It’s believed the hackers want the ransom paid in cryptocurrency.

The Times quoted cybercrime expert and ex-military intelligence officer Philip Ingram as saying: ‘There could be tens of thousands of people at much greater risk of having their personal details used by criminals for identity theft and fraud.’

An Arnold Clark spokeswoman told Car Dealer today: ‘We are continuing our investigations into the incident on 23rd December as a priority, alongside our external cyber security partners.

‘We take the security and safety of our customer data very seriously and accurate identification of any potential compromise of that data remains our primary focus.

‘Once we have a full picture of all the data that is potentially compromised, we will be contacting our customers to make them aware.

‘We will continue to take all necessary actions to minimise any impact to our customers and third-party partners.’

The spokeswoman added: ‘We are liaising with the relevant regulatory authorities over this incident, especially the ICO [Information Commissioner’s Office] and the police.

‘During this incident, we did voluntarily disconnect our corporate network to protect our customers, third-party partners and our systems.

‘This has inevitably resulted in some operational difficulties, and our IT security team, in conjunction with our external security partners, are restoring a new segregated corporate network in a secure environment.

‘This has meant our systems are not yet back to 100 per cent functionality and we apologise for any inconvenience this may be causing our customers.’

The Times quoted Det Insp Norman Stevenson, of Police Scotland’s cyberinvestigations unit, as saying: ‘Our inquiries are ongoing and we are working closely with the business.’

The Mail on Sunday quoted an ICO spokesperson as saying: ‘Arnold Clark made us aware of an incident and we are making inquiries.’

Last October, Pendragon was also hit with a cyber attack. Those hackers – another group – threatened to release the data too but never did. Pendragon refused to pay the ransom.

Firms that suffer data breaches face being fined millions by the ICO.

Car Dealer Live – the future of the car dealer – exclusive conference features talks from leading car dealers, Google and Auto Trader among much more. Find out the full event details and book tickets.

John Bowman's avatar

John has been with Car Dealer since 2013 after spending 25 years in the newspaper industry as a reporter then a sub-editor/assistant chief sub-editor on regional and national titles. John is chief sub-editor in the editorial department, working on Car Dealer, as well as handling social media.

More stories...

Server 108