Cyber Incident Victim: Arnold Clark Automobiles Limited
Date: Dec 2022
Location: United Kingdom
Summary
A major automotive retailer experienced a cyber attack that disrupted computer and telephone systems, forcing employees to resort to manual record-keeping. Internal sources indicated system wiping and potential data loss, contradicting the company's assertion of no compromised customer information. The incident necessitated recalling IT personnel from leave and highlighted prior security vulnerabilities. Operations continued with significant limitations, including loss of access to digital customer processing tools and internal communications. Restoration efforts were underway, with telephone services reportedly nearing reactivation during the response period.
Description
The cyber incident targeting Arnold Clark commenced on December 24, 2022, when attackers compromised the automotive dealership's network infrastructure. The intrusion resulted in widespread system outages that rendered employees unable to access critical computer systems, email accounts, and telephone services. Technical staff discovered that hackers had executed a destructive action that wiped significant portions of the company's digital infrastructure, creating immediate operational paralysis. This disruption persisted for at least four days post-attack, with systems remaining non-functional through December 28. The attack's timing during the Christmas holiday period exacerbated response challenges, as evidenced by the emergency recall of the IT chief from a vacation in Italy. Company representatives tracked the executive to his hotel and mandated his immediate return to manage the crisis.

Arnold Clark implemented contingency measures requiring staff to conduct business operations using manual, paper-based processes for recording customer details—a method described by insiders as resembling 1970s-era practices. While vehicle sales continued during the outage, employees could not process transactions or customer information through digital systems. An internal source claimed the attackers potentially compromised thousands of customer records, though company officials publicly stated their security team found no evidence of data exfiltration or customer information compromise during initial investigations. The organization's telephone systems were projected to resume partial functionality on the evening of December 28. This incident followed the termination of Arnold Clark's previous IT leadership approximately one year earlier due to an unrelated security breach. Management instructed employees to maintain confidentiality about the cyber attack, though operational disruptions and manual workarounds made complete secrecy impractical. The company issued a public apology for service interruptions while thanking customers for their patience during recovery efforts.
