Sensitive personal data allegedly stolen from Arnold Clark, one of the United Kingdom’s largest car dealerships, has been posted online by the PLAY ransomware group.
The company had claimed in a Tweet on January 3 to have protected customer data after it discovered suspicious traffic on its network back in December, although it did not confirm the nature of the attack.
“Our priority has been to protect our customers’ data, our systems and our third-party partners,” the company stated, adding that “this has been achieved.”
The data includes National Insurance numbers (the equivalent of Social Security numbers in the U.S.) and passport data, alongside addresses and phone numbers. Also published were bank statements and car finance documents for customers of the Glasgow-based business.
Data belonging to private and corporate customers is believed to be included in the leak.
