An employee clicked a link in an unsolicited email, which resulted in a cyberattack on the Sandicliffe car dealership that could have exposed personal information about 1,000 people.
During the incident, 'potentially thousands' of peoples' bank account information and medical records were taken.
Sandicliffe recently notified anyone impacted by the issue to confirm that their personal data had been compromised. This includes both current and former workers as well as customers.
Names, dates of birth, bank account numbers and sort codes, National Insurance numbers, passport scans, wage levels, and medical histories are among the information that is thought to have been obtained by the hackers.
Source: https://www.nottinghampost.com/news/local-news/thousands-people-could-personal-details-4676903
TPRM report: https://scoringcyber.rankiteo.com/company/sandicliffe-motor-group
"id": "san35012623",
"linkid": "sandicliffe-motor-group",
"type": "Breach",
"date": "11/2020",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': 1000,
'industry': 'Automotive',
'name': 'Sandicliffe',
'type': 'Car Dealership'}],
'attack_vector': 'Phishing',
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': 1000,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Dates of birth',
'Bank account numbers and sort '
'codes',
'National Insurance numbers',
'Passport scans',
'Wage levels',
'Medical histories']},
'description': 'An employee clicked a link in an unsolicited email, which '
'resulted in a cyberattack on the Sandicliffe car dealership '
'that could have exposed personal information about 1,000 '
"people. During the incident, 'potentially thousands' of "
"peoples' bank account information and medical records were "
'taken. Sandicliffe recently notified anyone impacted by the '
'issue to confirm that their personal data had been '
'compromised. This includes both current and former workers as '
'well as customers. Names, dates of birth, bank account '
'numbers and sort codes, National Insurance numbers, passport '
'scans, wage levels, and medical histories are among the '
'information that is thought to have been obtained by the '
'hackers.',
'impact': {'data_compromised': ['Names',
'Dates of birth',
'Bank account numbers and sort codes',
'National Insurance numbers',
'Passport scans',
'Wage levels',
'Medical histories'],
'identity_theft_risk': True,
'payment_information_risk': True},
'initial_access_broker': {'entry_point': 'Phishing Email'},
'post_incident_analysis': {'root_causes': 'Human Error'},
'response': {'communication_strategy': 'Notified impacted individuals'},
'title': 'Sandicliffe Car Dealership Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Human Error'}