Arnold Clark, Europe's largest independent car retailer, has notified some customers that their personal information was stolen in a December 23 cyberattack claimed by the Play ransomware group. The stolen data includes ID information, banking details, names, contact details, dates of birth, vehicle details, ID documents, National Insurance numbers, and bank account details. Upon advice from their cyber security team, Arnold Clark understands that some personal data has been extracted by the hackers. The company is still investigating the incident to establish the extent and the nature of the information that was exfiltrated from its systems. Arnold Clark disconnected their systems from the Internet on the morning of December 24 to cut the attackers access to the network. They have been working on restoring the compromised systems and rebuilding their Network in a new segregated environment. Arnold Clark has also notified the police and relevant authorities, including the UK Information Commissioners Officer, about this security breach. Affected customers were advised to be wary of potential phishing attacks targeting them due to this breach and not to open attachments or click links embedded in suspicious-looking emails. The company first acknowledged the incident on January 3, 2034, when they said the attack caused temporary disruption to their business operations. They have been in constant communication with the regulatory authorities and have sought useful guidance from the police. Vice Society ransomware claims attack on Australian firefighting service, Play ransomware claims attack on Belgium city of Antwerp, CommonSpirit Health ransomware attack exposed data of 623,000 patients, and email fatigue among users opens doors for cybercriminals. Ransomware gang steals data from KFC, Taco Bell, and Pizza Hut brand owner.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 01 Feb 2023 18:38:02 +0000