Arnold Clark data breach exposes personal, banking information

Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.

Arnold Clark data breach overview: 

• Who: Car retailer Arnold Clark has notified some of its customers that they were impacted by a December data breach that has been claimed by the Play ransomware group.
• Why: The data breach exposed some Arnold Clark customers’ personal information, including ID info and banking details. 
• Where: Nationwide.  

Arnold Clark has notified some of its customers through email that it suffered a data breach in December that the car retailer says exposed their personal information, including ID information and banking details. 

The data breach — claimed by the Play ransomware group — forced Arnold Clark to disconnect its systems from the internet to kick the bad actors out, reports Bleeping Computer. 

Arnold Clark said its security team — with the help of external consultants — is continuing to investigate the data breach to determine how much of and what information was stolen from its servers. 

Information exposed during the data breach includes names, contact details, birthdates, vehicle details, ID documents such as passports and driver’s licenses, bank account details, and, in some cases, National Insurance numbers, according to Arnold Clark, reports Bleeping Computer. 

Arnold Clark has also reportedly notified law enforcement and other relevant agencies — including the UK Information Commissioner’s Office — about the data breach. 

Impacted Arnold Clark customers warned to be weary of potential phishing attacks in wake of data breach

Impacted Arnold Clark customers have been warned to be cautious of phishing attacks against them that could arise in the wake of the data breach, and to not click links or attachments in suspect-emails, reports Bleeping Computer. 

Arnold Clark reportedly first acknowledged the data breach last month on Twitter, at which time it said the incident had caused a “temporary disruption” to the car retail company’s operations, reports Infosecurity.  

“Our priority has been to protect our customers’ data, our systems and our third-party partners,” Arnold Clark wrote, at the time.

In other data breach news, Royal Mail chose to temporarily suspend access to its Click and Drop website last November following a data breach that it said exposed its customers’ order information.

The postal service company attributed the data breach to technical issues and said it decided to temporarily suspend access to the website simply as a “precautionary measure” while it investigated the data breach. 

Have you been impacted by the Arnold Clark data breach? Let us know in the comments! 

Read About More Class Action Lawsuits & Class Action Settlements:

• Competition Appeal Tribunal holds certification hearing in £2.3B Meta class action over data-collection policies
• Twitter class action alleges company unlawfully laid off dozens of employees
• Financial Conduct Authority issues double amount of fines in 2022
• Wabtec data breach exposes sensitive customer information