View all Business
View all Cloud
View all Hardware
View all Infrastructure
View all Security
View all Software
View all Technology
Getty Images
Car dealership Arnold Clark has confirmed the company was hit by a cyber attack last month.
The company said that it has managed to protect its customers' data as well as its systems and third-party partners. However, bringing down its network has caused a temporary disruption to its business and customers.
“Our external security partners have now been performing an extensive review of our whole IT network and infrastructure, which is a mammoth task, and they are providing guidance to our IT team on the re-enabling of our network and systems in a safe, secure and phased manner,” the company said.
Arnold Clark's Twitter account communicated that the dealership was experiencing technical issues affecting its systems and telephones. It apologised to customers and notified them it was trying to fix the problems, asking them to direct message its account on Twitter or email them for any queries instead.
Showrooms and branches are currently open and the company can serve customers through a temporary system until its full systems have been restored. Customer vehicle collections are expected to be resumed later this week.
The company revealed this week that it was originally notified by its external cyber security consultants of suspicious traffic on its network on 23 December.
Getting board-level buy-in for security strategy
Why cyber security needs to be a board-level issue
Arnold Clark took steps internally to confirm the report with its cyber team and then decided to take down its network voluntarily. It called this a “purely protective measure”, which led it to cut its connectivity to the internet, its dealerships, and third-party connections.
“Based on the information available, it looks like Arnold Clark was able to detect the attack through its security service provider and disrupt it before it put any data at risk,” said Mark Lamb, CEO at HighGround to IT Pro. “This was a very positive step and it shows that Arnold Clark already had a strong security posture in place that proactively monitored for threats, so they could be identified and remediated before they caused harm.
“While it doesn’t look like Arnold Clark’s IT is fully back up and running, the company does appear to have protected its data and customers, which is undoubtedly the most important issue.”
UK-based car dealership Pendragon was also hit by a cyber attack in October 2022 by the LockBit ransomware group. The company confirmed it had been hit by an IT security incident but that its ability to operate wasn’t affected. Pendragon also stated that it would refuse to pay the $60 million (£53 million) ransom that the attackers demanded and instead restore from backups.
The business value of Dell Technologies APEX as-a-Service solutions
Lowering your annual infrastructure costs
Building for success with off-premises private cloud
Leveraging co-location facilities to execute your cloud strategy
Understanding the economics of in-cloud data protection
Data protection solutions designed with cost optimisation in mind
Transforming the employee experience for a hybrid work world
How a single PC vendor can help you get ahead
Research: Luxury cars and emergency services vehicles vulnerable to remote takeover
Getting your workplace transformation right for today and tomorrow
WhatsApp to combat internet blackouts with proxy server support
ITPro is part of Future plc, an international media group and leading digital publisher. Visit our corporate site www.futureplc.com
© Future Publishing Limited, Quay House, The Ambury, Bath BA1 1UA. All rights reserved. England and Wales company registration number 2008885
Cyber attack on car dealership Arnold Clark forces systems offline – IT PRO
