Cyber attack on car dealership Arnold Clark forces systems offline
The company was notified on 23 December about the suspicious incident and IT systems remain down, impacting customer-facing services
Car dealership Arnold Clark has confirmed the company was hit by a cyber attack last month.
The company said that it has managed to protect its customers' data as well as its systems and third-party partners. However, bringing down its network has caused a temporary disruption to its business and customers.
Pendragon's zealous response to LockBit ransomware is a breath of fresh air Continental 'held to ransom', refuses to confirm if LockBit has stolen data Rental car company Sixt confirms cyber attack, leaves scores of UK customers in the dark
“Our external security partners have now been performing an extensive review of our whole IT network and infrastructure, which is a mammoth task, and they are providing guidance to our IT team on the re-enabling of our network and systems in a safe, secure and phased manner,” the company said.
Arnold Clark's Twitter account communicated that the dealership was experiencing technical issues affecting its systems and telephones. It apologised to customers and notified them it was trying to fix the problems, asking them to direct message its account on Twitter or email them for any queries instead.
Showrooms and branches are currently open and the company can serve customers through a temporary system until its full systems have been restored. Customer vehicle collections are expected to be resumed later this week.
The company revealed this week that it was originally notified by its external cyber security consultants of suspicious traffic on its network on 23 December.
Getting board-level buy-in for security strategy
Why cyber security needs to be a board-level issue
Arnold Clark took steps internally to confirm the report with its cyber team and then decided to take down its network voluntarily. It called this a “purely protective measure”, which led it to cut its connectivity to the internet, its dealerships, and third-party connections.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
“Based on the information available, it looks like Arnold Clark was able to detect the attack through its security service provider and disrupt it before it put any data at risk,” said Mark Lamb, CEO at HighGround to IT Pro. “This was a very positive step and it shows that Arnold Clark already had a strong security posture in place that proactively monitored for threats, so they could be identified and remediated before they caused harm.
“While it doesn’t look like Arnold Clark’s IT is fully back up and running, the company does appear to have protected its data and customers, which is undoubtedly the most important issue.”
UK-based car dealership Pendragon was also hit by a cyber attack in October 2022 by the LockBit ransomware group. The company confirmed it had been hit by an IT security incident but that its ability to operate wasn’t affected. Pendragon also stated that it would refuse to pay the $60 million (£53 million) ransom that the attackers demanded and instead restore from backups.
Zach Marzouk is a former ITPro, CloudPro, and ChannelPro staff writer, covering topics like security, privacy, worker rights, and startups, primarily in the Asia Pacific and the US regions. Zach joined ITPro in 2017 where he was introduced to the world of B2B technology as a junior staff writer, before he returned to Argentina in 2018, working in communications and as a copywriter. In 2021, he made his way back to ITPro as a staff writer during the pandemic, before joining the world of freelance in 2022.