Dealer group Sandicliffe was victim to a cyber attack where personal data was potentially accessed due to a phishing scam.
Those who may have been affected were alerted by Sandicliffe, which has dealerships in Nottingham, Leicester and Loughborough.
The Nottingham Post reported that ‘the bank account details and medical histories of ‘possibly thousands’ of people were stolen during a cyber attack on a well-known car dealership company.’
This came from CEL Solicitors, where it alleges that this could include people’s names, bank details including account and sort numbers, date of birth, National Insurance numbers, passport scans, salary levels and medical histories.
The cyber attack took place earlier in 2020 and CEL say they discussing this with those affected.
However, Sandicliffe say ‘there is no evidence this is the case’.
It told Car Dealer that while it ‘cannot conclusively say either way’ whether bank details have been accessed that ‘feedback we have had since the notifications have been sent would lead us to believe that they have not’.
Sandicliffe confirmed the cyber attack happened when two employees email accounts were accessed.
Speaking to Car Dealer, Sandicliffe managing director Paul Woodhouse said: ‘We were subject to a breach earlier this year.
‘Further to a phishing attack, two of our employees email accounts were accessed.
‘As soon as we were aware we immediately patched the access point and ensured that all was secure.
‘There was some personal data within the two emails accounts which may have been accessed but we have no evidence that that was the case.
‘We have contacted all of the individuals who may have been affected as well as the ICO.’
The automotive industry is no stranger to cyber attacks, with Honda affected globally earlier this year.
Computers and phone systems stopped working in a ransomware attack and employees were sent home.