Arnold Clark, a UK-based car retailer, has confirmed that it suffered from a cyberattack that resulted in the exposure of customer data. The Play ransomware group has taken credit for the attack via a message on its Tor-based leak website. Play claims to have obtained gigabytes of sensitive information from the company. Arnold Clark has so far confirmed that an investigation determined that customer data such as names, contact information, dates of birth, vehicle information, passports, driver’s licenses, national insurance numbers, and bank account details may have been exposed.
Arnold Clark boasts more than 200 dealerships located across the UK selling vehicles from over 25 manufacturers. The cyberattack reportedly occurred on December 23, 2022. Arnold Clark stated that the investigation into the security incident is still ongoing to determine the extent and the nature of the compromised data. Impacted individuals have been offered two years of free credit and website monitoring services.