Arnold Clark Data Breach Updates

Confirmed Arnold Clark Cyber Attack leaks Customers’ private information on the Dark Web

Arnold Clark suffered cyber attack which has crippled the business since Christmas Eve.

Our CEO, Joe Burns has now discovered that leaked personal information has been published onto the dark web by hacker collective ‘Play’.

Arnold Clark Personal Data Leaked on Dark Web

Last Updated: 19/01/2023 09:47

One of the UKs biggest car dealers, Arnold Clark, has suffered a major data breach. Despite a statement by the company which suggests that the disruption caused over the Christmas and New Year period was a precautionary measure.

However, our Cyber Security team have today discovered that customers’ personal data and much more information has been published on the dark web.

The hacker group named ‘Play’ have taken responsibility for the hack and made a small sample of data available for download from the 467 GB they claim to have stolen.

They have threatened to publish the full data “If there [is] no reaction”. This would suggest the group have made contact with Arnold Clark and demanded a Ransom payment.

Our Cyber Security team have now been in contact with cyber police forces with information to help in their investigations.

We have also approached the Information Commissioner’s Office to enquire whether this breach has been reported and was informed that there were no active cases listed. We have also asked Arnold Clark via twitter to confirm if the cyber attack and data breach had been reported. We have not received a response as yet. 

Have Arnold Clark had Cyber Attack?

Arnold Clark confirmed that there had been a cyber security incident on 23rd December 2022 and that as a result they took down their network and systems as a precaution.

They posted on twitter on 27th December with their first public announcement of any issue, saying:

To our customers, please accept our apologies; we’re experiencing technical issues affecting our systems and, intermittently, our telephones. Please bear with us as we try to fix these problems. In the meantime, please DM us or email us at [email protected]


Our CEO, Joe Burns asked on Twitter for a verification of the cyber attack to which they responded:

Hi Joe. Suspicious network traffic was detected, and we closed all our systems, to protect our customers and ourselves. We are now investigating and reenabling our network and systems in a safe, secure and phased manner.

Finally on 3rd January 2023, 11 days after the initial incident, Arnold Clark made a statement.

Late on the evening of 23rd December, the Group was notified by our external cyber security consultants of suspicious traffic on our network. Once we confirmed this internally with our own Cyber team, we made the decision to bring down our network voluntarily as a purely protective measure, which has resulted in us cutting connectivity to the internet, our dealerships and our third-party connections.


Our priority has been to protect our customers’ data, our systems and our third-party partners. While this has been acheived, this action has caused temporary disruption to our business and unfortunately our customers.


Our external security partners have now been performing an extensive review of our whole IT network and infrastructure, which is a mammoth task, and they are providing guidance to our IT team on the re-enabling of our network and systems in a safe, secure and phased manner.


Our showrooms and branches are open and will be able to assist our customers using our temporary systems until we have been able to restore our full systems safely. We expect to resume customer vehicle collections later this week and our branches are contacting customers to arrange this.


Once again, we would like to thank our customers for their understanding and to apologise for any inconvenience this has caused.

Arnold Clark Customer Data Found on the Dark Web

Despite their statement after Christmas saying that Arnold Clark took down their systems as a precaution because they detected suspicious activity and that no customer data had been stolen, data belonging to the car retailer has been seen on the dark web.

The comment from this leak reads: Private and personal data, passports, IDs, confidential contracts, agreements, leasing contracts, finance information and many others. For now partially published compressed 15gb, If there no reaction full dump will be uploaded. Each of the archives can be used independently.’

This data breach serves as an important reminder of the need for companies to prioritise cybersecurity. In an age where digital data is increasingly valuable, it is essential that companies take the necessary steps to protect their customers data.

Worried about your business getting hacked?

If you would like to see how you could improve your Cyber Security, take our short, 12 question quiz:

5.0 97 reviews

  • Avatar Nathan W. ★★★★★ 2 months ago
    Reformed IT have been beyond brilliant with helping us improve our current IT infrastructure and security. The services that they provide has taken enormous pressure off our internal … More IT team. They are always keen on sharing their knowledge and skills and always go above and beyond. I can’t recommend them highly enough.
  • Avatar Lisa S. ★★★★★ 2 months ago
    Absolutely brilliant service! Friendly, knowledgeable and really helpful without making me feel stupid for not understanding IT wizardry!
  • Avatar Debbie D. ★★★★★ 5 months ago
    Great service so far what with me being a new starter, & I've heard really positive things about Reformed IT from many of my colleagues, so I have no doubt this great service … More will continue!
  • Avatar Chloe J. ★★★★★ 8 months ago
    Reformed IT always provide excellent service and support. Since working for Walton and Allen the team have always been fast to resolve any IT issues I have had. Thank you for all of … More your help 🙂