Cyber Incident Victim: Holdcroft Motor Group
Date: Jul 2022
Location: United Kingdom
Summary
A major ransomware attack targeted a large UK-based family-run car dealership, resulting in significant IT infrastructure damage and data theft. The attackers compromised two years of employee personal data and caused irreparable harm to some core systems, although the dealer management system that hosts customer data remained unaffected. Law enforcement and relevant cybersecurity authorities were engaged to investigate the incident. Employees were advised to avoid personal website use on work devices and to update personal passwords while remaining vigilant for further suspicious activity. The dealership industry has increasingly become a focus for such attacks due to the sensitive financial and personal information it handles.
Description
On July 28, 2022, Holdcroft Motor Group, a major family-run car dealership based in Stoke-on-Trent, UK, experienced a significant ransomware attack. The breach compromised two years of internal data, including employee personal information, and caused extensive damage to the company's IT infrastructure. An internal email confirmed the attackers accessed and exfiltrated data from internal storage areas, with some systems permanently deleted or rendered irreparable. Staffordshire Police, the National Cyber Security Centre (NCSC), and the Information Commissioner’s Office (ICO) were notified to investigate the incident. While the core dealer management system housing customer data remained unaffected, other critical operational systems sustained severe damage. The company acknowledged the compromise of employee data in internal communications but did not disclose the exact volume of records or the specific ransomware group involved.

By late August 2022, Holdcroft restored most system access for employees but confirmed irreversible damage to portions of its infrastructure. Staff were instructed to avoid personal website usage on work devices and to update personal account passwords as a precaution against further compromise. The firm maintained heightened vigilance for additional suspicious activity following the attack. This incident occurred amid escalating targeting of UK car dealerships by ransomware actors, exemplified by an April 2022 attack on TrustFord and March 2022 litigation against LSH Auto by employees affected by a prior breach. Holdcroft did not publicly confirm whether it paid the ransom or detailed the exact financial impact, though operational disruptions and system reconstruction costs were implied by the described infrastructure damage.
