One of the UK’s biggest car dealers, Arnold Clark, has suffered a major data breach. Despite a statement by the company which suggests that the disruption caused over the Christmas and New Year period was a precautionary measure.

However, our Cyber Security team have today discovered that customers’ personal data and much more information has been published on the dark web.

The hacker group named ‘Play’ have taken responsibility for the hack and made a small sample of data available for download from the 467 GB they claim to have stolen.

They have threatened to publish the full data “If there [is] no reaction”. This would suggest the group have made contact with Arnold Clark and demanded a Ransom payment.

Our Cyber Security team have now been in contact with cyber police forces with information to help in their investigations.

We have also approached the Information Commissioner’s Office to enquire whether this breach has been reported and was informed that there were no active cases listed. We have also asked Arnold Clark via twitter to confirm if the cyber attack and data breach had been reported. We have not received a response as yet. 

Arnold Clark confirmed that there had been a cyber security incident on 23rd December 2022 and that as a result they took down their network and systems as a precaution.

They posted on twitter on 27th December with their first public announcement of any issue, saying:

To our customers, please accept our apologies; we’re experiencing technical issues affecting our systems and, intermittently, our telephones. Please bear with us as we try to fix these problems. In the meantime, please DM us or email us at [email protected]

Source: https://twitter.com/ArnoldClark/

Our CEO, Joe Burns asked on Twitter for a verification of the cyber attack to which they responded:

Hi Joe. Suspicious network traffic was detected, and we closed all our systems, to protect our customers and ourselves. We are now investigating and reenabling our network and systems in a safe, secure and phased manner.

Finally on 3rd January 2023, 11 days after the initial incident, Arnold Clark made a statement.

Late on the evening of 23rd December, the Group was notified by our external cyber security consultants of suspicious traffic on our network. Once we confirmed this internally with our own Cyber team, we made the decision to bring down our network voluntarily as a purely protective measure, which has resulted in us cutting connectivity to the internet, our dealerships and our third-party connections.

 

Our priority has been to protect our customers’ data, our systems and our third-party partners. While this has been acheived, this action has caused temporary disruption to our business and unfortunately our customers.

 

Our external security partners have now been performing an extensive review of our whole IT network and infrastructure, which is a mammoth task, and they are providing guidance to our IT team on the re-enabling of our network and systems in a safe, secure and phased manner.

 

Our showrooms and branches are open and will be able to assist our customers using our temporary systems until we have been able to restore our full systems safely. We expect to resume customer vehicle collections later this week and our branches are contacting customers to arrange this.

 

Once again, we would like to thank our customers for their understanding and to apologise for any inconvenience this has caused.

This data breach serves as an important reminder of the need for companies to prioritise cybersecurity. In an age where digital data is increasingly valuable, it is essential that companies take the necessary steps to protect their customers’ data.