
PLAY ransomware group takes responsibility for the Arnold Clark cyberattack

PLAY ransomware group reportedly posted online sensitive personal data that was allegedly hacked from Arnold Clark, one of the leading car dealerships in the United Kingdom.

In a tweet on January 3, the company claimed that in December it had successfully managed to protect the data of its customers as well as its systems and third-party partners, although it did not clearly explain what kind of attack it was.

In a tweet, the company clearly stated:

Our external security partners have now been performing an extensive review of our whole IT network and infrastructure, which is a mammoth task, and they are providing guidance to our IT team on the re-enabling of our network and systems in a safe, secure and phased manner.

The company had been reporting technical problems with its systems and phones on Arnold Clark’s Twitter account. Even after last week’s release of what appears to be client information on the ransom website run by the PLAY ransomware group, its tweet has not been updated regarding the cyberattack.

News reports revealed that the hackers had already published 15 gigabytes of data and would continue to do so unless a large ransom is paid in cryptocurrencies.

Along with addresses and phone numbers, the data also includes passport information and National Insurance numbers, which are similar to Social Security numbers in the United States. Bank records and auto credit papers belonging to customers of the Glasgow-based company were also made public. It’s believed that the breach contains data from both individual and business clients.

According to Arnold Clark, which has 193 dealerships in Britain and employs more than 11,000 people, the attack unexpectedly disrupted its customers and business. Arnold Clark apologised for any disruption it may have caused.

Although the company’s complete systems haven’t yet been restored, showrooms and branches can still handle customers as long as its temporary system is working.

The PLAY ransomware group first made headlines in mid-2022 with a series of cyberattacks on organisations in Latin America. It has now become one of the most active and serious criminal organisations today.

The PLAY ransomware group attacked the British company, along with the Belgian city of Antwerp and the world’s largest cloud computing provider Rackspace, among other prominent businesses in December.

Before aggressively adopting OWASSRF, the group preferred to gain access through unprotected Remote Desktop Protocol (RDP) servers, exploited virtual private network (VPN) accounts, compromised domain and local accounts, and exposed local accounts. Additionally, the FortiOS operating system from Fortinet was compromised by this attack.

In October 2022, the LockBit ransomware group also targeted the UK-based auto dealership Pendragon with a cyberattack. The company confirmed an IT security breach had occurred but said there had been no impact on business. Pendragon also said that it would recover data from backups rather than pay the attackers’ demand of $60 million (£53 million).

Arnold Clark’s newsroom hasn’t been updated in over a month at the time of writing. It usually publishes fresh articles every few days that include reviews of cars. Before the issue was found, the most recent post was published on December 20.
