Arnold Clark customers have had their addresses, passports and national insurance numbers leaked on the dark web following a cyber-attack on the car retail giant over the festive period.

AM reported earlier this month that the AM100 business was still battling the impacts of disconnected systems after pulling the plug on its internet connection as part of a bid to protect customers and business partners from data theft just before Christmas.

But the Mail on Sunday has reported that the international hacking ring Play is now threatening the business with a huge dump of customer data onto the Dark Web after leaking some of the details taken in the raid.

The newspaper reported that the hackers have already posted 15 gigabytes of data and intend to upload a further 467 gigabytes unless a multi-million-pound ransom is paid in cryptocurrency.

The incident comes three months after Pendragon refused to pay a $60 million (£53m) ransom demand after becoming motor retail's latest victim to hackers.

In a statement issued to AM, Arnold Clark declined the opportunity to comment on the alleged ransom demand, but said that it was continuing investigations into the incident “as a priority” alongside its external cyber security partners.  

It added: “We take the security and safety of our customer data very seriously and accurate identification of any potential compromise of that data remains our primary focus.

“Once we have a full picture of all the data that is potentially compromised, we will be contacting our customers to make them aware.

“We will continue to take all necessary actions to minimise any impact to our customers and third-party partners. We are liaising with the relevant regulatory authorities over this incident, especially the ICO and the police.”

One Arnold Clark customer, who contacted AM after her data was apparently shared online, described how she had received a message from an unknown mailbox containing a link to her personal data.

She claimed that efforts to contact Arnold Clark about the issue had failed, adding that the branch from which she bought her car had told her that they “did not have information about this incident”.

A spokesperson for Arnold Clark told AM that affected customers should contact the group’s customer service department at customerservice@arnoldclark.com.

The Mail on Sunday reported that the Play hacking ring linked to the attack on Arnold Clark had risen to prominence following a series of attacks on government websites in Latin America last year.

It also highlighted that companies caught up in data breaches can be hit with large fines from the Information Commissioner’s Office (ICO).

In 2020 it fined British Airways a record £20 million after the personal data of more than 400,000 customers and staff, with Marriott International hotels also fined £18.4m after hackers stole millions of its guests’ records.