Arnold Clark clients have had their addresses, passports and nationwide insurance coverage numbers leaked on the darkish internet following a cyber-attack on the automobile retail big over the festive interval.
AM reported earlier this month that the AM100 enterprise was nonetheless battling the impacts of disconnected techniques after pulling the plug on its web connection as a part of a bid to guard clients and enterprise companions from information theft simply earlier than Christmas.
However the Mail on Sunday has reported that the worldwide hacking ring Play is now threatening the enterprise with an enormous dump of buyer information onto the Darkish Net after leaking among the particulars taken within the raid.
The newspaper reported that the hackers have already posted 15 gigabytes of information and intend to add an extra 467 gigabytes except a multi-million-pound ransom is paid in cryptocurrency.
The incident comes three months after Pendragon refused to pay a $60 million (£53m) ransom demand after changing into motor retail’s newest sufferer to hackers.
In a press release issued to AM, Arnold Clark declined the chance to touch upon the alleged ransom demand, however stated that it was persevering with investigations into the incident “as a precedence” alongside its exterior cyber safety companions.
It added: “We take the safety and security of our buyer information very severely and correct identification of any potential compromise of that information stays our main focus.
“As soon as now we have a full image of all the information that’s doubtlessly compromised, we can be contacting our clients to make them conscious.
“We are going to proceed to take all vital actions to minimise any affect to our clients and third-party companions. We’re liaising with the related regulatory authorities over this incident, particularly the ICO and the police.”
One Arnold Clark buyer, who contacted AM after her information was apparently shared on-line, described how she had obtained a message from an unknown mailbox containing a hyperlink to her private information.
She claimed that efforts to contact Arnold Clark in regards to the concern had failed, including that the department from which she purchased her automobile had advised her that they “didn’t have details about this incident”.
A spokesperson for Arnold Clark advised AM that affected clients ought to contact the group’s customer support division at customerservice@arnoldclark.com.
The Mail on Sunday reported that the Play hacking ring linked to the assault on Arnold Clark had risen to prominence following a sequence of assaults on authorities web sites in Latin America final yr.
It additionally highlighted that firms caught up in information breaches could be hit with massive fines from the Data Commissioner’s Workplace (ICO).
In 2020 it fined British Airways a document £20 million after the non-public information of greater than 400,000 clients and employees, with Marriott Worldwide accommodations additionally fined £18.4m after hackers stole tens of millions of its company’ data.