PLAY ransomware group claims attack on Arnold Clark, one of Britain’s largest car dealerships


Level 19
Thread author
Top Poster
Jan 21, 2018
"Sensitive personal data allegedly stolen from Arnold Clark, one of the United Kingdom’s largest car dealerships, has been posted online by the PLAY ransomware group.
The company had claimed in a Tweet on January 3 to have protected customer data after it discovered suspicious traffic on its network back in December, although it did not confirm the nature of the attack.
“Our priority has been to protect our customers’ data, our systems and our third-party partners,” the company stated, adding that “this has been achieved.”
A statement from the Arnold Clark Group.
— Arnold Clark (@ArnoldClark) January 3, 2023
Its statement has not been updated following the publication last week of what appear to be customer details on the PLAY ransomware group’s extortion site.
Arnold Clark’s press office did not immediately respond to The Record’s request for comment.
The data includes National Insurance numbers (the equivalent of Social Security numbers in the U.S.) and passport data, alongside addresses and phone numbers. Also published were bank statements and car finance documents for customers of the Glasgow-based business.
Data belonging to private and corporate customers is believed to be included in the leak.
Arnold Clark, which employs more than 11,000 people across 193 dealerships in Britain, stated the attack had “caused temporary disruption to our business and unfortunately our customers” and apologized for any inconvenience it caused.
The British company was one of several high-profile companies targeted by the PLAY group in December, including the Belgian city of Antwerp and cloud computing giant Rackspace.
The full impact of the incident on the company’s operations is not clear.
“Our external security partners have now been performing an extensive review of our whole IT network and infrastructure, which is a mammoth task, and they are providing guidance to our IT team on the re-enabling of our network and systems in a safe, secure and phased manner,” the statement from January 3 said.
As of Monday morning, Arnold Clark’s newsroom, which typically features a new post including car reviews every few days, has not been updated for more than a month. The most recent post was made on December 20, before the incident was discovered."

Last edited by a moderator:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.