Arnold Clark, self-described as Europe’s largest independent car retailer, is notifying some customers that their personal information was stolen in a December 23 cyberattack claimed by the Play ransomware group.
The company said in emails sent to affected clients on Tuesday that the stolen data includes ID information and banking details.
“During this incident, it appears that some personal data stored in our network may have been stolen, including names, contact details, dates of birth, vehicle details, ID documents (such as passports and driver’s licenses), National Insurance numbers (in limited cases) and bank account details,” the car retailer said.
“Upon advice from our cyber security team, we understand the some personal data has been extracted by the hackers who carried out the cyber attack.”
Arnold Clark says its security team and external consultants are still investigating the incident to establish the extent and the nature of the information that was exfiltrated from its systems.
The company’s systems were disconnected from the Internet on the morning of December 24 to cut the attackers’ access to the network.
Since then, Arnold Clark has been working on restoring the compromised systems and says it will rebuild its “network in a new segregated environment.”
Customers warned of phishing attacks
Arnold Clark also notified the police and relevant authorities, including the UK Information Commissioner’s Officer, about this security breach.
“During this incident we have been in constant communication with the regulatory authorities and have sought useful guidance from the police, and we will continue to do so to help other companies learn from our experience and be better prepared for possible situations such as this,” Arnold Clark said.
Affected customers were advised to be wary of potential phishing attacks targeting them due to this breach and not to open attachments or click links embedded in suspicious-looking emails.
The company first acknowledged the incident on January 3, 2023, when it said the attack caused “temporary disruption” to its business operations.
“Our priority has been to protect our customers’ data, our systems and our third-party partners. While this has been achieved, this action has caused temporary disruption to our business and unfortunately our customers,” the car retailer said.