Car dealer 'won't be held hostage' by hackers after ransom demand
Pendragon has refused to pay $60m despite threat to leak sensitive information
The UK’s second-largest car retailer is refusing to pay a ransom demand for $60m (£54m) from dark web hackers, The Times has discovered.
Pendragon, which is listed on the London Stock Exchange and operates the Evans Halshaw, Stratstone and Car Store brands, this morning told the paper that it had been undergoing a cyberattack for a month “by a gang connected to a sophisticated group known as LockBit 3.0”. Security experts had protected the system after 5% of its database had been breached, the dealer claimed.
Representatives of Pendragon have alerted authorities including the National Cyber Security Centre — part of GCHQ — police, information commissioner and Financial Conduct Authority.
The company said it is in daily contact with the gang, which has provided proof of the data breach, though has declined to enter into discussions about payment of the ransom into a bitcoin wallet despite being given a final warning that its information would be leaked onto the dark web today.
“We refuse to be held hostage by this group and we will not be paying a ransom demand,” Kim Costello, the chief marketing officer, said.
Clients of Pendragon including Aston Martin, BMW, Ferrari, Porsche, Jaguar Land Rover and Mercedes-Benz were informed about the breach this morning, and the group’s 4,000 staff were notified by email.
Lockbit has been linked to an ongoing hack of the Kingfisher insurance group along with cyberattacks on businesses in Japan and France, as well as on Ukrainian infrastructure following the invasion by Russia in February. However it claimed to be an apological multinational community for whom hacking “is just business”.
It added: “We are only interested in money for our harmless and useful work.”
Related articles
- After reading about Pendragon’s refusal to pay hackers a $60m ransom, you might be interested in how thieves hack into and steal keyless-entry cars
- Also check out how fake online car dealers ‘clone’ genuine retailers and lure victims with bargains
- And you might like to know that wrecked cars have been sold by some of the UK’s biggest car dealers with no mention of their chequered past
Latest articles
- Mini Aceman 2025 review: Mini hopes electric crossover will be its ace in the pack, but is it actually a joker?
- Ford Capri 2025 review: A decent electric car weighed down by the expectation of its name
- Ford’s UK office staff set to strike over pay and contract disputes
- Hyundai reveals world’s first hydrogen-powered battle tank
- Aston Martin Vanquish 2024 review: James Bond would approve of mega-power Aston, but it’s not quite bulletproof
- F1 2024 calendar and race reports: What time the next grand prix starts and what happened in the previous rounds
- BMW M5 PHEV 2024 review: The most explosive M-saloon yet … but is a plug-in hybrid right?
- Kia EV6 2024 review: Now every version of the electric hatchback can cover more than 300 miles (oifficially)
- Audi S5 2024 review: Audi smells blood in battle with BMW