Dealer group Pendragon is currently the subject of a cyberattack and is being held to a $60m (£54m) ransom by hackers.
The listed firm, which owns around 160 showrooms across the UK and uses the Evans Halshaw and Stratstone names, has had its IT servers hacked, with dark web hackers having stolen five per cent of its data.
The gang is connected to a group known as LockBit 3.0, said The Times.
The hackers want Pendragon to pay the $60m (£54m) into a bitcoin wallet.
If not, the hackers will release sensitive data on the dark web today (Oct 21), it’s believed.
Pendragon said it had not taken part in discussions about payment, adding that it has taken steps to protect the remainder of its system.
The company’s chief marketing officer, Kim Costello, told the newspaper: ‘We refuse to be held hostage by this group and we will not be paying a ransom demand.’
Pendragon also issued a press release which said: ‘We have identified suspicious activity on part of our IT systems and have confirmed we experienced an IT security incident.
‘This has not affected our ability to operate, and we continue to service our customers and communities as normal.
‘Upon discovery, we took immediate steps to contain the incident.
‘Our security specialists launched an extensive investigation to assess fully what has happened and we’ll be keeping our customers and partners updated.
‘To add, the Pinewood Dealer Management System was and remains completely unaffected.’
It went on to say: ‘We have reported this with the National Cyber Security Centre, the Information Commissioner’s Office, the FCA and the police.’
Pendragon has also alerted its manufacturer partners and told its 4,000 staff.
Costello also said: ‘Earlier this month we became aware that our IT systems had been compromised.
‘Upon discovery, we took immediate steps to contain the incident but can confirm some data was stolen.
‘We have been contacted by LockBit, a criminal organisation who demanded that we pay tens of millions of dollars before a deadline or they would release the data on to the dark web.’
LockBit is a prolific criminal hacking group, and is thought to have recently targeted insurance firm Kingfisher, and NHS supplier Advance Health and Care.
In August, it was reported to have been behind some 40 per cent of ransomware demands.
Later on Friday (Oct 21), Pendragon said it had obtained an interim injunction against the hackers.