Card dealership Sandcliffe was targeted by a powerful cyberattack which could have compromised staff and customers’ personal information, including financial details. The attack would have occurred at the beginning of this year.
The dealership, which features 10 showrooms across multiple UK locations (Nottingham, Leicester and Loughborough) was targeted by a cybercriminals gang last February 2020, thanks to an unaware user who opened a link attached to a malicious email.
People affected by the incident are being alerted by Sandicliffe security staff to confirm that their personal data had been breached; it seems the incident also affected former employees. Among the details believed to have been stolen by the hackers are:
- Full names
- Dates of birth
- Bank account numbers and sort codes
- National Insurance numbers
- Passport scans
- Salary levels
- Medical histories
It is worth mentioning that the compromised details vary for each affected person, depending on their role in the company or for how long they’ve been clients. The cyberattack has already been reported to the Information Commissioner’s Office (ICO), but no further action will be taken, as some sources have disclosed.
When asked about this incident, a cybersecurity consultant mentioned: “Cybercriminals have no preference in terms of sector, industry or type of data that could be breached, thus causing great concerns and inconvenient for affected organizations and users above all.”In this specific case, it is concerning the significant delay the company took to notify those who may have had their data stole, as time is essential to prevent further incidents”.
Users concerned about their data security status should contact Sandcliffe staff as soon as possible, as well as their banking institution service.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as an cyber security investigator. He also worked for different security companies. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.