Arnold Clark, a car retailer based in the UK, has informed customers that their personal information may have been compromised due to a cyberattack. A ransomware group has taken responsibility for the attack, claiming to have obtained gigabytes of sensitive data. Arnold Clark has over 200 dealerships in England and Scotland, selling vehicles from over 25 manufacturers, and is said to be the biggest car company of its kind in Europe. On December 23, 2022, the company revealed that it had been targeted in a cyberattack. An investigation revealed that the hackers may have obtained personal data such as names, contact details, dates of birth, vehicle information, passports or drivers licenses, national insurance numbers, and bank account details. The investigation is still ongoing, but those affected are being offered two years of free credit and web monitoring services through Experian. The ransomware group known as Play has taken credit for the attack on its Tor-based leak website. The hackers have published a large amount of information that they claim to have stolen from Arnold Clark, and they have threatened to release more if the company does not pay up. Currently, they have released 31 archive files of 500 Mb each, totaling roughly 15 Gb. They claim to have stolen private and personal data, including passport and ID copies, confidential contracts, agreements, leasing contracts, and finance-related documents. Play ransomware first appeared in June 2022 and has been one of the most active ransomware operations. The cybercriminals are using file-encrypting malware and stealing data from victims in an effort to increase their chances of getting paid. Play is best known for the recent attack on cloud company Rackspace, where they used a new exploitation method for targeting Microsoft Exchange servers.
This Cyber News was published on www.securityweek.com. Publication date: Thu, 02 Feb 2023 14:41:03 +0000