Ransomware allegedly compromised Arnold Clark car dealer

February 2, 2023
Play Ransomware Arnold Clark Car Dealership UK Data Leak Cybersecurity

One of the United Kingdom’s major car dealers, Arnold Clark, has allegedly lost sensitive personal data after the Play ransomware group’s suspected attack.

The company admitted in a tweet earlier this month that they have protected customer data after they suspected suspicious activity on its network in December last year. However, the company did not confirm the classification of the incident.

The company prioritises safeguarding its customer’s personal information, their systems, and third-party partners.


Arnold Clark has yet to publish an update on their statement after Play ransomware claimed the attack.


Arnold Clark did not update its publication last week despite the Play ransomware operators including the car dealership’s customer information on their extortion website. The company has yet to respond to any questions from the media today.

Extortion site researchers stated that the leaked data includes National Insurance numbers comparable to the Social Security numbers in the United States. Additionally, the attack data loss includes passport data and phone numbers.

Glasgow-based branch of the company has also lost its customers’ bank statements and car finance documents. Other researchers also believe that the information owned by private and corporate customers is included in the data leak.

The recent attack on this British car dealership company was one of the multiple high-profile targeted companies of the Play ransomware group last year. The attackers have included Rackspace and the Belgian city of Antwerp in their latest list of victims in a few months.

The latest statement from one of the company’s external security partners said that they had been extensively reviewing Arnold Clark’s IT network and infrastructure. As of now, it is the only group that could give updates regarding the incident.

Arnold Clarks’ newsroom, which commonly releases new posts and car reviews every few days, has been inactive for over a month. The most recent post from the company was published in the early weeks of December last year before the attack occurred.

About the author

Leave a Reply