Car dealership hit by cyber attack
PERSONAL and bank details may have been stolen after hackers attacked used car dealer Sandicliffe.
Data breach specialist CEL Solicitors, which was hired by some of the “potentially thousands” of individuals affected, said it believed the data was taken when a member of staff at Sandicliffe opened a link sent in a bogus e-mail in February.
The company, which has three Ford and Kia dealerships in Leicester and another in Loughborough, has not commented on the breach.
CEL Solicitors said all those targeted have now been contacted.
The solicitors said the people whose data was targeted included former and existing employees of Sandicliffe, which has 10 dealerships in Leicestershire and Nottinghamshire.
The data believed to have been stolen includes names, dates of birth, bank account numbers and sort codes, National Insurance numbers, passport scans, salary information and medical histories.
The solicitors said the cyber-attack was reported to the Information Commissioner’s Office (ICO), but that no further action is being taken.
Mark Montaldo, a director at CEL Solicitors, said: “We’ve seen time and time again how cyber criminals are becoming more sophisticated in the way they access personal, sensitive information and how they go about using this data.
“They appear to have no preference in terms of sector, industry or type of data.
“It is therefore vital action is taken as soon as a breach is noticed. With a total of 10 showrooms, this incident is likely to have affected hundreds, maybe even thousands, of people.
“It’s therefore extremely important for the company, its staff and those customers who have been affected to remain on alert for any unusual activity with their bank or with other personal information.”
Sandicliffe managing director Paul Woodhouse said: “We can confirm Sandicliffe experienced a cybersecurity breach as a result of a sophisticated attack by a third party.
“As soon as we became aware, we took immediate steps to contain and remedy the breach and security was quickly re-established.
“We have also complied with our legal requirements and have notified relevant affected individuals.
“The ICO was notified and, after assessment, confirmed it will not be taking further action.”