[BreachExchange] Data breach at Sandicliffe could affect “thousands” of customers

[Destry Winant]

https://www.fleetnews.co.uk/news/fleet-industry-news/2020/11/11/data-breach-at-sandicliffe-could-affect-thousands-of-customers

A legal firm claims that a data breach at Sandicliffe Motor Group
could affect “thousands” of staff and customers.

Bank account details and medical histories may be included in the

Information, including possible bank account details and medical
histories, was taken in the cyber-attack, which was initially reported
to the Information Commissioner’s Office (ICO) in February, after an
employee opened a link in an unsolicited email.

No further action is being taken by the ICO but data breach
specialists CEL Solicitors is now discussing breaches with a number of
people affected by the hacking – among them both current and past
employees, as well as customers.

The firm is warning staff and customers to remain vigilant and notify
their bank immediately if they think they could have had data stolen.

Mark Montaldo, a director at CEL Solicitors, said: “In the case of
Sandicliffe, it is concerning that there appears to have been a
significant delay in notifying those who may have had their data
breached, but it is essential that you notify your bank as soon as
possible if you think you’ve been affected.

“With a total of 10 showrooms, this incident is likely to have
affected hundreds, maybe even thousands of people – it’s therefore
extremely important for the company, its staff and those customers who
have been affected, to remain on alert for any unusual activity with
their bank or with other personal information.”

CEL said that the amount of data taken will vary for each individual,
dependent upon their role in the company and how much of their
information was held on record.

Sandicliffe confirmed the data breach in a statement issued to the
Nottingham Post. Managing director Paul Woodhouse, said: “We can
confirm Sandicliffe experienced a cybersecurity breach as a result of
a sophisticated attack by a third party.

“As soon as we became aware, we took immediate steps to contain and
remedy the breach and security was quickly re-established.

"Sandicliffe take data and IT security extremely seriously and this
breach did not affect our ability to operate.

"We have also complied with our legal requirements and have notified
relevant affected individuals.

"As the relevant regulator, the ICO, were notified and, after
assessment, have confirmed that they will not be taking further
action."