Car retail giant hit by major cyber attack
Nottingham-headquartered car retailer Pendragon has been held to ransom for around £53m after a “sophisticated” hacking group targeted its IT systems.
The firm issued a series of security updates on Friday (21 October) revealing it was “currently responding to an IT security incident” which had been reported to the National Cyber Security Centre and the police.
Pendragon told The Times its IT servers had been hacked by “a sophisticated group known as LockBit 3.0” which had managed to steal around 5% of its database.
The group is believed to have demanded Pendragon pay $60m into a bitcoin wallet or face the data being released onto the dark web.
The attack reportedly began a month ago.
The retailer said it had taken “immediate steps” to contain the incident and revealed it had successfully obtained an interim injunction from the High Court against the group.
Pendragon’s chief marketing officer Kim Costello told The Times the firm “[would] not be paying the ransom demand.”
Pendragon moved swiftly to allay fears on Friday, continuing to service its customers “as normal.”
Its manufacturers and staff have been notified.
A statement on the company’s website said: “We have identified suspicious activity on part of our IT systems and have confirmed we experienced an IT security incident. This has not affected our ability to operate, and we continue to service our customers and communities as normal.
“Upon discovery, we took immediate steps to contain the incident. Our security specialists launched an extensive investigation to assess fully what has happened and we’ll be keeping our customers and partners updated. To add, the Pinewood Dealer Management System was and remains completely unaffected.”
The news comes around a month after Pendragon revealed it was carrying out a “comprehensive review of all potential strategic options” following a £400m takeover bid by its largest shareholder.
In a further development on Monday (24 October), the company told the London Stock Exchange it had granted Hedin Group “access to complete its necessary due diligence” regarding the takeover plan but said there could be “no certainty” that a firm offer will be made.
Hedin has been given an extended deadline of 21 November 2022 to formally announce its intention to make an offer for the retailer.