A top firm of London lawyers has launched a ‘no-win, no-fee’ scheme to help victims of the recent data breach at Arnold Clark.
The dealer group suffered a cyber attack just before Christmas and customers’ personal information has since been published on the dark web.
The Scottish outfit says it ‘takes the protection of customer data extremely seriously’ but a large group action could now be on the horizon.
Legal firm Keller Postman has set up a ‘Get Justice for the Arnold Clark Data Breach’ scheme, which could result in huge compensation packages being paid out.
The lawyers have even created an instant eligibility checker on their website and are encouraging potential victims to come forward.
Writing on its website, Keller Postman accused Arnold Clark – the most profitable dealer group in the UK – of making the attack ‘easier’ with ‘failures to adopt standard security measures’.
‘Customers of Arnold Clark may have had their personal information exposed following a data hack,’ the company said.
‘The breach happened after hackers broke into the car dealer’s systems. Tens of thousands of people are thought to be at risk.
‘According to various media reports, the stolen data includes names, dates of birth, phone numbers, email addresses, copies of passports and home addresses.
‘One national newspaper claims that copies of bank statements have also been stolen.
‘As of 26 January 2023, the hackers have already released 15 gigabytes of sensitive data. Another, much larger upload is threatened if the cryptocurrency ransom is not paid.
‘Keller Postman UK has launched an investigation to find out what happened and how this breach affects Arnold Clark customers.
‘We believe that failures to adopt standard security measures may have made this attack easier.’
Arnold Clark ‘working to protect customers as a matter of priority’
The cyber attack was carried out on December 23, although it was initially believed to have been on Christmas Eve.
At the time, bosses insisted that customer information was safe but were later forced to concede that personal data had been compromised.
In an update posted last week, Arnold Clark said it was ‘proactively contacting’ customers who may have been affected.
Three weeks have now passed since the firm told its first customers that hackers may have gained access to their bank details and ID documents.
Last month, Car Dealer reported that hackers were demanding millions in ransom to avoid a massive upload of customer information to dark web.
‘Arnold Clark takes the protection of our customer data extremely seriously,’ the firm said in its most recent update.
‘Therefore, we have now taken the decision to proactively contact customers who may have been affected to make them aware of the cyber incident, and to offer them guidance and protection in conjunction with our partners Experian.
‘We are working to protect our customers as a matter of priority, and we will continue this process to ensure all our customers who may have been affected by this incident are made aware and are offered assistance and protection.
‘Arnold Clark remains in regular contact with the regulatory authorities and is continuing to seek guidance from the police.’
Last October, Pendragon was also hit with a cyber attack. Those hackers – another group – threatened to release the data too but never did. Pendragon refused to pay the ransom.
Firms that suffer data breaches face being fined millions by the ICO.
Leading dealership boss Robin Luscombe recently told the Car Dealer Podcast that firms have been left defenceless against an ‘industry of fraudsters and scammers’.
Car Dealer has approached Arnold Clark for comment.
Car Dealer Live – the future of the car dealer – exclusive conference features talks from leading car dealers, Google and Auto Trader among much more. Find out the full event details and book tickets.