Arnold Clark, who describes himself as Europe’s largest independent car retailer, is telling some customers that their personal information was stolen in a December 23 cyberattack claimed by the Play ransomware group.

The company said in emails sent to affected customers on Tuesday that the stolen data included credentials and bank details.

“During this incident, it appears that some personal data stored on our network may have been stolen, including names, contact details, dates of birth, vehicle details, identity documents (such as passports and driving licenses), national insurance numbers (in limited cases) and bank account details,” the car dealership said.

“On the advice of our cybersecurity team, we understand that some personal data was extracted by the hackers who carried out the cyberattack.”

Arnold Clark says his security team and outside consultants are still investigating the incident to establish the extent and nature of the information that was exfiltrated from his systems.

The company’s systems were disconnected from the Internet on the morning of December 24 to cut off attackers’ access to the network.

Since then, Arnold Clark has been working to restore compromised systems and says he will rebuild his “network in a new, separate environment.”

Customers aware of phishing attacks

Arnold Clark also informed the police and relevant authorities, including the UK Information Commissioner’s Officer, of the security breach.

“During this incident, we have been in constant communication with regulators and sought helpful advice from the police, and we will continue to do so to help other companies learn from our experience and better themselves. prepare for possible situations like this,” said Arnold Clark.

Affected customers have been advised to beware of potential phishing attacks targeting them due to this breach and not to open attachments or click on embedded links in suspicious emails.

The company first recognized the incident on January 3, 2023, when he said the attack had caused “temporary disruption” to his business operations.

“Our priority has been to protect our customers’ data, our systems and our third-party partners. While this has been achieved, this action has caused a temporary disruption to our business and unfortunately our customers,” the car dealership said.