
UK car dealer Arnold Clark notified customers that their data got compromised in a data breach that took place in December 2022.
The Glasgow-based car dealer in a statement said When attackers first infiltrated the network on the evening of Friday, Dec. 23, “our external security network consultants alerted us to unusual activity on our network, and we immediately took steps to minimize the impact of the attack by removing all external connections to our network to protect our customer data, third-party partners and our systems,”.
Investigators probing the breach initially found no evidence that attackers had exfiltrated data. On Jan. 3, the company said, “Our external security partners are now conducting an extensive audit of our entire IT network and infrastructure, which is a mammoth task,” and that it would reactivate each part only after it had confirmed to be safe.
Initially, it believed the data is secure, but the later part of the investigation revealed that the threat actors have stolen data. It directly contacted the affected customers across Scotland and England
The full extent of the attack is still unknown. “It is extremely difficult to accurately identify what has been stolen; however, our teams are collaborating with our external advisors to understand the exact nature and extent of that data.”
Attack Timeline
- Dec 23rd, 2022- Unusual behavior in the network was identified.
- Jan 03rd, 2023 – Investigation probed
- Jan. 11th, 2023 – The Play – aka Play Crypt – ransomware group added Arnold Clark to its list of data breach victims.
- Jan. 17th,2023 – Play leaked a 467GB archive of private and personal data, passports, IDs, confidential contracts, agreements, leasing contracts, finance information, and others
The company says it will provide all affected or potentially affected customers with 24 months of credit monitoring services via Experian and says the credit monitoring company is setting up a dedicated call center with more information.