Sensitive customer data stolen from Arnold Clark, one of the UK's largest car dealerships, has been posted on the dark web by the ransomware group Play.
Representatives of Arnold Clark said on Twitter that they protected customer data after they discovered suspicious traffic on their network back in December, although they did not specify the nature of the attack.
“Our priority has been to protect the data of our customers, our systems and our third-party partners,” the company said.
However, later the Play group itself confirmed that it had stolen information from Arnold Clark. The data leaked to the darknet includes national insurance numbers and passport details, as well as customer addresses and phone numbers. Bank statements and car finance documents for customers in a particular city of Glasgow have also been released. It is assumed that the leak included data belonging to private and corporate clients.
Arnold Clark employs over 11,000 people in 193 dealerships. Company officials said the attack caused a temporary disruption to business and apologized for the inconvenience. The full impact of the incident on the company's operations is not yet clear.
“Our external security partners are now conducting an extensive audit of our entire IT network and infrastructure, which is a mammoth task. They advise our IT team on re-enabling our network and systems in a safe and secure manner, step by step,” the company said in a statement.
The British company was not the only one targeted by the Play group in December. The large hosting provider Rackspace and the whole Belgian city of Antwerp also got it.