Associate Bill Singer comments in The Sunday Post on the extent of Arnold Clark’s data breach

Arnold Clark Car Dealership

Share this article:


Associate Bill Singer provides details on the extent of Arnold Clark’s data breach and the harm this has caused for many customers.

Bill’s comments were published in The Sunday Post, 23rd April 2023, here, and Motor Trader, 25th April 2023, here.

Bill commented: “We have had over 7,500 enquiries from potential victims of the Arnold Clark data breach, and this number continues to grow as the depth and scale of this breach is becoming more apparent.”

“It is difficult to say for certain the levels of compensation at this early stage. We anticipate that as the facts become better established as our investigation progresses, that levels of compensation will vary depending on the harm that affected individuals have suffered as a result of this breach. This ranges from emotional distress right through to extensive and material financial damage, all of which the UK courts have the power to award compensation for in respect of GDPR breaches.”

“Customers’ personal data being compromised is associated with a severe threat of becoming a victim of cybercrime. We have established that more than half a terabyte of Arnold Clark customer data has now been exposed on the dark web – as a car dealership, this means highly sensitive records such as addresses, contact information, payment information, drivers’ licenses and passports are available online.”

“Cybercriminals can acquire and use this data for a whole manner of malicious activities. Our clients are already reporting a range of fraudulent activity stemming from this breach, including current account banking fraud, cloned debit cards, blocked transactions, identity theft, repeated credit checks triggered by unknown fraudsters, phishing emails and scam instant messages. Where clients are made aware of an enhanced risk of cybercrime, or detect fraudulent activity involving their personal information, they will typically have to spend time resolving the issue. The simple knowledge that this personal information is freely available online is a matter of deep emotional distress for many affected.”

Regarding people who find themselves the victim of such data breaches, Bill advised: “Customers notified that they have been affected by this breach may wish to complain to the data controller in question or take this to the Information Commissioner’s Office (ICO) if they remain dissatisfied after response from Arnold Clark. The ICO is the regulator charged with investigating such matters, and while they have the power to uphold breaches of GDPR and impose fines on the company, unfortunately their remit stops short at awarding compensation to affected individuals whose personal data has been compromised.”

“That’s where we come in – we can advise consumers on their rights and seek compensation on their behalf. At present, we now represent over 7,500 clients who each allege breaches to their privacy rights and wish to claim damages. Customers should seek independent legal advice on their options.”

In February 2024, our firm changed its name from Keller Postman UK to KP Law.

Share this article: