Pendragon has become motor retail's latest victim to hackers, who have reportedly issued a $60 million (£53m) ransom demand to the major AM100 dealer group.
A spokesman confirmed it has experienced an "IT security incident" but it had not affected its ability to operate and its dealerships, which trade under the Stratstone and Evans Halshaw brands, continue to service customers.
It has reported the attack to the National Cyber Security Centre, the Information Commissioner's Office and the Financial Conduct Authority.
The Times reported that the cyberattack was on the Nottingham-based group's IT servers and hackers reportedly stole part of Pendragon's database, before demanding the huge ransom to be paid into a bitcoin wallet.
Pendragon remained defiant, and has not taken part in discussions about payment, while taking steps to ramp up the protection of its IT systems.
The Pinewood Technologies dealer management system, a subsidiary of Pendragon, which is used by a number of franchised dealers globally, was completely unaffacted.
In a statement, Pendragon said: "We have identified suspicious activity on part of our IT systems and have confirmed we experienced an IT security incident.
"This has not affected our ability to operate, and we continue to service our customers and communities as normal.
"Upon discovery, we took immediate steps to contain the incident. Our security specialists launched an extensive investigation to assess fully what has happened and we’ll be keeping our customers and partners updated."
The National Cyber Security Centre has released new guidance this month in response to a growing trend in supply chain attacks.
The new guidance is designed to help medium and larger organisations effectively assess the cyber risks of working with suppliers and gain assurance that mitigations are in place.