View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
August 19, 2022updated 22 Aug 2022 4:08am

UK car dealer sees systems “permanently deleted” in apparent ransomware attack

The car dealership, which boasts turnover of over £450m, has fallen victim to what appears to be a ransomware attack.

By Matthew Gooding

A UK car dealership has seen some systems and files permanently deleted in a cyberattack. Holdcroft Motor Group says employee data may have been compromised in the breach.

A UK car dealership has fallen victim to a cyberattack. (Photo courtesy of Fahroni/iStock)

The attack apparently caused “significant damage” to the company’s infrastructure, and Stoke on Trent Live, which first reported the news, says the company received a demand for payment to release information, suggesting the perpetrators could be a ransomware gang.

Holdcroft Motor Group operates nine different dealer franchises across 23 locations in the Midlands and north of England. It reported a turnover of £467m in the last financial year, with a profit of £10.8m.

Cyberattack at Holdcroft Motor Group: what happened?

The attack took place on July 28 2022, according to an email sent to staff at the company. It said: “The company was the victim of a serious cyber attack which has caused significant damage to the [company’s] IT infrastructure and has also resulted in the loss of data from our internal storage areas.

“Following internal investigations it has been confirmed that some of the data that has been compromised may contain employee personal data.”

Staff are being warned not to access personal accounts or websites from their work devices and to change passwords for online banking, emails and pensions.

“This is a significant attack that should be taken extremely seriously and we are working very closely with both Staffordshire Police and the National Cyber Operational Unit to trace how this has happened,” the email reads.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

“We have now managed to resolve the majority of the access issues that employees have been experiencing, although some of our core systems have been damaged beyond repair or have been permanently deleted.”

Both Staffordshire Police and data regulator the Information Commissioner’s Office (ICO) are investigating the incident.

Tech Monitor has approached Holdcroft Group for comment, but the company’s operations director Chris Greenhall told Stoke on Trent Live: “We can confirm we were victims of a cyberattack on Wednesday, July 27, however our core ‘dealer management system’ which hosts our client data was and remains unaffected.

“Those systems affected have now been fully restored. We would like to thank the efforts of all our people and suppliers who worked tirelessly to limit the disruption to our ongoing activities.”

Holdcroft cyberattack “likely” to be phishing or social engineering

It is likely the company has fallen victim to a phishing or social engineering attack, says Rick Jones, CEO and co-founder of cybersecurity vendor DigitalXRAID. “Given the organisation’s advice to staff around accessing personal accounts on office computers and changing their passwords, it seems this may have been a social engineering or phishing attack,” he says.

For companies without in-house cyber expertise, Jones says regular training is the only to thwart this kind of attack. “To protect the workforce and enable them to become the first line of defence, it is key organisations hold regular training sessions on the dangers of cybercrime,” he argues. “This includes simulated phishing campaigns to imitate real-world attacks, as a team will therefore begin to understand the dangers and consequences that come with insufficient knowledge and poor defence systems.”

Tech Monitor is hosting a roundtable in association with Intel vPro on how to integrate security into operations. For more information, visit

Read more: UK government websites leave .git directories vulnerable to attack

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.