Holdcroft Group HQ, Leek Road, Hanley, Oct 2021_Holdcroft Group HQ, Leek Road, Hanley, Oct 2021_


Hackers target dealer group Holdcroft in major cyber attack that may have compromised employees’ data

  • Years of data believed lost to cyber attackers
  • Some of Holdcroft Motor Group’s core systems were left ‘damaged beyond repair’
  • Hackers are believed to have demanded substantial payment
  • Staff are warned not to access personal sites from work computer and to change passwords
  • Investigation launched by police and Information Commissioner’s Office

Time 8:08 am, August 19, 2022

A car dealership group has fallen victim to a major cyber attack that caused ‘significant damage’ and may have compromised employees’ information.

Holdcroft Motor Group – which has 23 locations across the Midlands and north-west of England representing nine franchises – is understood to have lost data stretching back years, according to StokeonTrentLive.

The attack left some of the Car Dealer Top 100 company’s core systems ‘damaged beyond repair’ or ‘permanently deleted’ but customer data wasn’t compromised, Holdcroft said.

The news site added that it understood the hackers demanded a substantial payment following the attack. It is not known if the dealership group gave in to the demand.

Family-owned Holdcroft, which was established in 1966, is now warning its workforce not to access personal sites from their work computer.

They are also being urged to change their passwords for personal accounts such as banking, emails and pensions.

Staff were sent an email by the company, saying: ‘On Thursday 28th July 2022 the company was the victim of a serious cyber attack which has caused significant damage to the companies [sic] IT infrastructure and has also resulted in the loss of data from our internal storage areas.

‘Following internal investigations it has been confirmed that some of the data that has been compromised may contain employee personal data.

‘This is a significant attack that should be taken extremely seriously and we are working very closely with both Staffordshire Police and the National Cyber Operational Unit to trace how this has happened.

‘We have now managed to resolve the majority of the access issues that employees have been experiencing, although some of our core systems have been damaged beyond repair or have been permanently deleted.’

The Information Commissioner’s Office (ICO) and Staffordshire Police are investigating the attack.

A police spokesman was quoted as saying: ‘On Saturday, July 30 we received a report of a ransomware incident affecting a business in Stoke-on-Trent. An investigation is under way.’

Meanwhile, an ICO spokesperson was reported as saying: ‘TG Holdcroft Motors Ltd has made us aware of an incident and we are making inquiries.’

Holdcroft Group operations director Chris Greenhall was quoted as saying: ‘We can confirm we were victims of a cyber attack on Wednesday, July 27. However our core “dealer management system” which hosts our client data was and remains unaffected.

‘Those systems affected have now been fully restored. We would like to thank the efforts of all our people and suppliers who worked tirelessly to limit the disruption to our ongoing activities.’

Image: Google Street View

John Bowman's avatar

John has been with Car Dealer since 2013 after spending 25 years in the newspaper industry as a reporter then a sub-editor/assistant chief sub-editor on regional and national titles. John is chief sub-editor in the editorial department, working on Car Dealer, as well as handling social media.

More stories...

MFL Advert
Server 108