Cyber attack on car dealership Arnold Clark forces systems offline

Car dealership Arnold Clark has confirmed the company was hit by a cyber attack last month.

The company said that it has managed to protect its customers' data as well as its systems and third-party partners. However, bringing down its network has caused a temporary disruption to its business and customers.

“Our external security partners have now been performing an extensive review of our whole IT network and infrastructure, which is a mammoth task, and they are providing guidance to our IT team on the re-enabling of our network and systems in a safe, secure and phased manner,” the company said.

Arnold Clark's Twitter account communicated that the dealership was experiencing technical issues affecting its systems and telephones. It apologised to customers and notified them it was trying to fix the problems, asking them to direct message its account on Twitter or email them for any queries instead.

Showrooms and branches are currently open and the company can serve customers through a temporary system until its full systems have been restored. Customer vehicle collections are expected to be resumed later this week.

The company revealed this week that it was originally notified by its external cyber security consultants of suspicious traffic on its network on 23 December.

Arnold Clark took steps internally to confirm the report with its cyber team and then decided to take down its network voluntarily. It called this a “purely protective measure”, which led it to cut its connectivity to the internet, its dealerships, and third-party connections.

“Based on the information available, it looks like Arnold Clark was able to detect the attack through its security service provider and disrupt it before it put any data at risk,” said Mark Lamb, CEO at HighGround to IT Pro. “This was a very positive step and it shows that Arnold Clark already had a strong security posture in place that proactively monitored for threats, so they could be identified and remediated before they caused harm.

“While it doesn’t look like Arnold Clark’s IT is fully back up and running, the company does appear to have protected its data and customers, which is undoubtedly the most important issue.”

UK-based car dealership Pendragon was also hit by a cyber attack in October 2022 by the LockBit ransomware group. The company confirmed it had been hit by an IT security incident but that its ability to operate wasn’t affected. Pendragon also stated that it would refuse to pay the $60 million (£53 million) ransom that the attackers demanded and instead restore from backups.