Arnold Clark, the UK’s largest independently owned car dealership, suffered a major ransomware attack late last year in which large volumes of sensitive customer data were stolen, the company said.

Among the data were stolen bank details, passport copies, driver’s licences, vehicle information, and National Insurance numbers, with other information likely targeted in the attack, claimed by the Play ransomware gang. 

The UK-wide breach occurred on December 23 with customers emailed about the incident on 2 February.  

In a statement, Arnold Clark said: “While we were initially advised that all our data was secure, unfortunately, in the course of our investigation, it has become clear that during this incident, the attackers were able to steal copies of some data that we hold. Due to the type of cyber attack that we have been subjected to, it is extremely difficult to accurately identify what has been stolen; however, our teams are working with our external advisors to understand the exact nature and extent of that data.”

Cybersecurity expert Achi Lewis, Area vice-president, EMEA, for Absolute Software, said: “Uncertain economic times and the lead-up to a holiday make the perfect storm for cyber-attackers, often creating a more relaxed and weakened security posture to be exploited. Ransomware attacks don’t discriminate against any sector, with the automotive industry home to vast volumes of sensitive data, demanding both preventative and reactive cybersecurity measures to be put in place by organisations.” 

“Companies across all industries should take this opportunity to evaluate their current cyber posture, implementing measures such as resilient Zero Trust to prevent threat actors from breaching devices, applications and networks. Resilient Zero Trust is a security model that authenticates users on a case-by-case basis, only allowing access to devices and applications if there are no signs of suspicious activity. If unusual behaviour is detected, access can be frozen or shut off by a centralised IT team to prevent a breach.” 

“Ransomware attacks are a case of when, not if, so it is imperative that organisations focus on their response protocols as well as prevention. Leveraging self-healing solutions can help to recover and repair devices that have been breached, protecting them from future attacks. A full recovery can take months or even years from the initial investigation, so ensuring high cyber preparedness is vital.” 

Arnold Clark owns nearly 200 dealerships across Scotland and England, selling more than 300,000 cars each year. Arnold Clark is asking affected customers to contact:

How car dealers can adapt to digital challenges in 2022

Arnold Clark owners rank among Britain’s wealthiest people: Rich List 2022