Associate solicitor in our Data Breach team, Bill Singer, has commented in Car Dealer Magazine detailing the extent and severity of Arnold Clark customer data which has been exposed on the dark web.
Bill’s comments were published in Car Dealer Magazine, 16 March 2023, and can be found here.
Bill said that the 45GB amount already posted online is still a tiny percentage of the total data which is alleged to have been seized from Arnold Clark by hackers’ collective, Play.
“This is certainly something that bears mentioning.
“There has been a huge amount of interest in the media – and rightfully so – about the first post of 15GB and how it includes extensive personal data like passports and National Insurance numbers, but there has since been a second post of 30GB of data to the dark web which has not attracted as much coverage.
Bill said that an ‘educated guess’ placed the number of victims in the tens or even above one hundred thousand and predicted that it would take months for everyone who wants to make a claim to be notified by the company and come forward.
He believes that the industry could be doing more to protect its customers’ data and questioned whether businesses were ‘soft targets’ for illegal groups.
“This is the latest in a long line of attacks on car dealership groups and they are not doing it because it is unprofitable to them.
“Dealerships are being subject to successful cyber attacks where huge amounts of data gets stolen happens year after year. It’s usually phishing attacks into ransomware, leading to loss of data and bribes being demanded, like in the case of Arnold Clark.
“This is the fifth attack on a car dealership group in the past three years and despite that it would appear to be business as usual for some companies.”