‘Mammoth task’ facing Arnold Clark as car retailer battles back from Christmas cyberattack
Scottish car retailing giant Arnold Clark is still reeling from the effects of a cyberattack two days before Christmas – which has caused systems to be taken offline over the holiday period.
The household name motor trader has been battling to restore its systems after it identified ‘suspicious activity’ on its network on December 23.
Internet access has been suspended leaving dealerships and third party suppliers reliant on workarounds to service customer needs.
The company has described the work it is undertaking to support the resumption of its online services as a “mammoth task”.
A spokesperson for the company said: “Late on the evening of 23rd December, the group was notified by our external cybersecurity consultants of suspicious traffic on our network. Once we confirmed this internally with our own cyber team, we made the decision to bring down our network voluntarily as a purely protective measure, which has resulted in us cutting connectivity to the internet, our dealerships and our third-party connections.
“Our priority has been to protect our customers’ data, our systems and our third-party partners. While this has been achieved, this action has caused temporary disruption to our business and unfortunately our customers.
“Our external security partners have now been performing an extensive review of our whole IT network and infrastructure, which is a mammoth task, and they are providing guidance to our IT team on the re-enabling of our network and systems in a safe, secure and phased manner.
“Our showrooms and branches are open and will be able to assist our customers using our temporary systems until we have been able to restore our full systems safely. We expect to resume customer vehicle collections later this week and our branches are contacting customers to arrange this. Once again, we would like to thank our customers for their understanding and to apologise for any inconvenience this has caused.”
It has not been established what the cause of the cyber incident is, for example ransomware, although Pendragon – another large motor retailer – was hit by the Lockbit 3.0 ransomware gang last year.
Holdcroft Motor Group – which has 23 locations across the Midlands and north-west of England representing nine franchises – was also hit last year.
The company has denied reports that it dragged its head of IT back from a holiday in Italy and that a previous head was sacked after a security breach.
A Police Scotland spokesperson said: “On Saturday, 24 December, we received a report of a cyber incident at a business. Enquiries are ongoing.”