A UK car dealership has seen some systems and files permanently deleted in a cyberattack. Holdcroft Motor Group says employee data may have been compromised in the breach.
The attack apparently caused “significant damage” to the company’s infrastructure, and Stoke on Trent Live, which first reported the news, says the company received a demand for payment to release information, suggesting the perpetrators could be a ransomware gang.
Holdcroft Motor Group operates nine different dealer franchises across 23 locations in the Midlands and north of England. It reported a turnover of £467m in the last financial year, with a profit of £10.8m.
Cyberattack at Holdcroft Motor Group: what happened?
The attack took place on July 28 2022, according to an email sent to staff at the company. It said: “The company was the victim of a serious cyber attack which has caused significant damage to the [company’s] IT infrastructure and has also resulted in the loss of data from our internal storage areas.
“Following internal investigations it has been confirmed that some of the data that has been compromised may contain employee personal data.”
Staff are being warned not to access personal accounts or websites from their work devices and to change passwords for online banking, emails and pensions.
“This is a significant attack that should be taken extremely seriously and we are working very closely with both Staffordshire Police and the National Cyber Operational Unit to trace how this has happened,” the email reads.
“We have now managed to resolve the majority of the access issues that employees have been experiencing, although some of our core systems have been damaged beyond repair or have been permanently deleted.”
Both Staffordshire Police and data regulator the Information Commissioner’s Office (ICO) are investigating the incident.
Tech Monitor has approached Holdcroft Group for comment, but the company’s operations director Chris Greenhall told Stoke on Trent Live: “We can confirm we were victims of a cyberattack on Wednesday, July 27, however our core ‘dealer management system’ which hosts our client data was and remains unaffected.
“Those systems affected have now been fully restored. We would like to thank the efforts of all our people and suppliers who worked tirelessly to limit the disruption to our ongoing activities.”
Holdcroft cyberattack “likely” to be phishing or social engineering
It is likely the company has fallen victim to a phishing or social engineering attack, says Rick Jones, CEO and co-founder of cybersecurity vendor DigitalXRAID. “Given the organisation’s advice to staff around accessing personal accounts on office computers and changing their passwords, it seems this may have been a social engineering or phishing attack,” he says.
For companies without in-house cyber expertise, Jones says regular training is the only way to thwart this kind of attack. “To protect the workforce and enable them to become the first line of defence, it is key organisations hold regular training sessions on the dangers of cybercrime,” he argues. “This includes simulated phishing campaigns to imitate real-world attacks, as a team will therefore begin to understand the dangers and consequences that come with insufficient knowledge and poor defence systems.”