Are you eligible to join our Arnold Clark data breach claim?
April 18, 2024
If you are an Arnold Clark customer, you could be eligible to join our action and get compensation for the Arnold Clark data breach.
Customers of Arnold Clark may have had their personal information exposed following a data hack. The breach happened after hackers broke into the car dealer’s systems. The cybercriminals then demanded a multi-million-pound ransom and threatened to upload customer information to the dark web if they were not paid.
Tens of thousands of people are thought to be at risk. The Play ransomware cartel has claimed responsibility for the cyberattack.
According to various media reports, the stolen data includes:
Bank account and sort code details may also have also been stolen.
The cybercriminals released an initial 15 gigabytes of sensitive data on 17 January 2023. A further 30 gigabytes of data was posted on the dark web on 14 February 2023, and on 31 March 2023, another 475 gigabytes of data was discovered on the dark web.
KP Law has launched an investigation and group action to find out what happened and how this breach affects Arnold Clark customers. We believe that failures to adopt standard security measures may have made this attack easier.
Our data breach group action will help affected customers in England & Wales claim compensation for the security failures. We currently represent in excess of 7,500 customers and are helping them to seek information and redress.
If you are an Arnold Clark customer, register below to join our action and receive updates on our investigation.
If you have received an email confirming your involvement in the Arnold Clark data breach, you must save a copy. Some of our clients have reported receiving such notifications, only for their emails to later disappear.
Some organisations use self-destructing emails to automatically delete communications, either after a certain amount of time or when they request it. We do not condone this practice, especially in data breach cases where notification is widely used to prove an individual’s involvement in a breach and is thus vital evidence when making a claim. While we cannot be sure if Arnold Clark has set its emails to self-destruct, we have seen this happen in other cases. As such, we advise anyone who receives a data breach notification to keep a copy just in case.
If your details were put at risk, Arnold Clark should write to you to let you know. But the attack is thought to have been carried out on 23rd December 2022, and this didn’t start to happen until late January 2023. By not letting customers know immediately, Arnold Clark left them at a very high risk of further cyberattacks, fraud and identity theft.
If you are an Arnold Clark customer you should take immediate steps to protect yourself
Victims of data breaches often become the target of cybercriminals and similar privacy violations have resulted in fraud, blackmail, and identity theft. As such, Arnold Clark customers are at high risk of being targeted by cybercriminals and should take immediate steps to protect themselves.
Our data protection experts have provided some guidance on how to do this.
KP Law has launched an investigation to find out what happened and how this breach affects Arnold Clark customers. We may be able to claim compensation for any distress or financial losses experienced because of this breach. We urge anyone affected to register with us.
REGISTER TO FIND OUT MORE ABOUT THE ARNOLD CLARK GROUP ACTION.
Talk to our expert data breach lawyers today on 0151 459 5850
If you are an Arnold Clark customer, you could be eligible to join our action and get compensation for the Arnold Clark data breach.
Associate Bill Singer has commented on the ongoing Arnold Clark data breach claim and the fraud risks to those impacted in Computer Weekly. Bill’s comments
Arnold Clark experienced a cyber security incident on 23rd December 2022. It was issued with a multimillion-pound ransom demand from the Play ransomware cartel. A 15GB tranche of stolen customer data was allegedly shared on the dark web, with another, much larger upload threatened if the cryptocurrency ransom was not paid.
The cybercriminals then carried out their threat and released another 30 gigabytes of data on the dark web.
The list of potentially compromised data includes customer:
On 3 January 2023, 11 days after the cyberattack, Arnold Clark said:
“Late on the evening of 23rd December, the Group was notified by our external cyber security consultants of suspicious traffic on our network. Once we confirmed this internally with our own Cyber team, we made the decision to bring down our network voluntarily as a purely protective measure, which has resulted in us cutting connectivity to the internet, our dealerships and our third-party connections.
“Our priority has been to protect our customers’ data, our systems and our third-party partners. While this has been acheived, this action has caused temporary disruption to our business and unfortunately our customers.
“Our external security partners have now been performing an extensive review of our whole IT network and infrastructure, which is a mammoth task, and they are providing guidance to our IT team on the re-enabling of our network and systems in a safe, secure and phased manner.
“Our showrooms and branches are open and will be able to assist our customers using our temporary systems until we have been able to restore our full systems safely. We expect to resume customer vehicle collections later this week and our branches are contacting customers to arrange this.
“Once again, we would like to thank our customers for their understanding and to apologise for any inconvenience this has caused.”
On 28 January 2023, Arnold Clark released a further statement about the attack. In this, the company appeared to admit that, while its IT systems were capable of being set up so that they were not vulnerable to external attacks (a segregated environment), work to achieve this had only just begun.
The volume of data at risk leads us to believe that any customer of Arnold Clark in the last ten years has a high probability of their information being accessed.
Arnold Clark is writing to all affected and potentially affected customers and will continue that communication as its investigation progresses.
Anyone who thinks they might be involved should take immediate steps to protect themselves. Find out how to do this here.
If you live in England or Wales and you are involved in this breach, you may be able to join our no-win, no-fee compensation claim. There are no costs to register and no obligation to proceed.
A group action claim is where a group of people – sometimes even thousands of people – have been affected by the same issue. Group action cases are also known as class actions, multi-claimant, or multi-party actions.
There are no costs to join a claim. However, if your claim is successful, you may have to pay a ‘success fee’. This fee is taken from the compensation awarded to you. At KP Law, our success fee is competitive, and we make sure you are fully informed about any potential costs before you officially join our action. If you lose, you won’t have to pay a penny.
Find out more about making a group action claim for compensation.
What does no-win, no-fee actually mean and are there really no costs if you appoint us?
We are one of the most experienced multi-claimant law firms in the UK.
Our GDPR, data breach and cybercrime specialists have a combined experience of over 50 years.
We represent clients in group actions with innovation, resources, and expertise.
We work with expert barristers to ensure you get the very best level of legal support available.
We have all the resources and global expertise necessary to take on complicated cases and win.
We have offices in London, Liverpool, Manchester, and Birmingham, and the technology to provide a nationwide service to clients across England & Wales.
We use technology to deliver a better legal experience to our clients.
We work on a no-win, no-fee basis.
We make the process straightforward and hassle-free.
While each case is judged on its own merits, there are some things we would typically look for when it comes to when claiming compensation following a data breach, cybercrime or other GDPR violation:
With stolen data, cybercriminals can make purchases using your bank and credit cards, apply for credit in your name, set up fraudulent bank accounts and access your existing online accounts.
GDPR failures, cybercrime and data breaches can have a significant impact on you, both mentally and physically. They can cause or exacerbate anxiety, stress and other psychological conditions.
KP Law has some of the most skilled data breach lawyers in England and Wales. Here are just some of our success stories.
KP Law is a founding member of the Collective Redress Lawyers Association (CORLA). CORLA aims to improve access to justice for claimants by way of collective redress.