News

Arnold Clark hackers share another 30GB of stolen customer data on the dark web

In December 2022, cybercriminals hacked Arnold Clark and demanded that the car dealer group pay a multi-million-pound ransom in return for not uploading customer information to the dark web. To demonstrate they were serious, the hackers initially uploaded 15 gigabytes of sensitive data. And it appears the cybercriminals have now upped the ante and carried out their threat as another 30 gigabytes of data has been found on the dark web.

The latest files were uploaded last night (14/02/2023). It is likely that this recent data is designed to put more pressure on Arnold Clark to pay up. 

Tens of thousands of people are now at risk as their compromised personal information is readily available online.  

According to Arnold Clark: “Unsigned copies of finance agreements” from 2019 and earlier are believed to have been stolen in the hack. These documents are likely to include customer names, addresses, vehicle registration numbers, and bank account and sort code details. At KP Law, we have seen cases where such sensitive data is purchased on the dark web and used to carry out identity theft, fraud, and phishing scams. As such, the consequences of the Arnold Clark data breach could devastate customers.   

On 28 January 2023, Arnold Clark released a statement about the attack. In this, the company appears to admit that, while its IT systems are capable of being set up so that they are not vulnerable to external attacks (such as when systems are built within a segregated environment), work to achieve this is only happening now. Has Arnold Clark unwittingly admitted that poor data security made this hack possible? And if the system had been built correctly in the first place, would customer data have been protected?  

Can you make an Arnold Clark data breach compensation claim?

Anyone who has purchased, sold, rented a vehicle, or had any servicing or repairs carried out by Arnold Clark within the last ten years could be affected by the hack. Arnold Clark is now notifying those affected, but any customer of Arnold Clark should be on guard against fraud and take immediate steps to protect themselves. Find out how to do this here.  

If you receive notification that you are affected by the Arnold Clark data breach, register below to receive updates on our investigation. If we uncover that poor security processes led to personal information being compromised, we will launch a data breach group action to help affected customers in England & Wales claim compensation for the security failures. 

Deborah Stuttard

Share
Published by
Deborah Stuttard
2 years ago

Recent Posts

Latest Data Breach Round-Up – June 2024

In our regular update, we provide a roundup of some of the data breaches and… Read More

6 months ago

Join our MOVEit/ Zellis Data Breach Action

We have launched a group action against MOVEit/Zellis. Group actions can be a powerful tool… Read More

6 months ago

One year on – the extent of the MOVEit data hack is just becoming clear

The number of organisations affected by the MoveIt Data Breach is still rising, despite the… Read More

6 months ago

Join our 23andMe Data Breach Action

We have launched a group action against 23andMe. Group actions can be a powerful tool… Read More

6 months ago

ICO and Canadian counterpart to investigate 23andMe data breach

The Information Commissioner’s Office (ICO) has launched a joint investigation into the 23andMe data breach… Read More

6 months ago

Join Our Capita Data Breach Action

We have launched a group action against Capita. Group actions can be a powerful tool… Read More

6 months ago