Welcome to the latest edition of the Neu Cyber Threats, a weekly series in which we bring attention to the latest cyber attacks, scams, frauds, malware including Ransomware and DDoS, in order to ensure you stay safe online.

Here are the most prominent threats which you should be aware of:



Arnold Clark demanded to pay millions in ransom by hackers

PLAY Ransomware Group recently targeted British car dealership Arnold Clark and is now threatening to leak private and corporate customers’ data to the dark web unless they are paid million in cryptocurrency.

The hackers have apparently already leaked 15 gigabytes of customer data, including National Insurance numbers, passports, addresses, bank statements, and car finance documents. With the threat of them spreading a further 467 gigabytes of data if the ransom is not paid.

Arnold Clark described the attack that took place on Christmas Eve 2022 as suspicious traffic on the company network. The dealership did, however, assure its customers that their data had been protected. Followed by an apology issued to its customers for the disruption.

Currently, the company’s external security partners are reviewing its IT network and infrastructure and helping the IT team reenable their networks safely and securely.

WhatsApp was fined 5.5 million euros for violating Data Protection Laws

WhatsApp fines for violating data protection laws when processing users’ personal information. In the days leading up to the enforcement of the General Data Protection Regulation (GDPR) in May 2018, users had to agree to revised terms to continue using the app or risk losing access.

Allegedly WhatsApp breached regulations by compelling users to consent to the processing of their personal data for service improvements and security by making the accessibility of its services conditional on users accepting the Terms of Service.

As well as the fine, WhatsApp has also been ordered to bring its operations into compliance within six months. The DPC doesn’t plan to investigate WhatsApp further using user metadata for advertising, something NOYB criticised.

NOYB’s Max Schrems said, “WhatsApp says it’s encrypted, but this is only true for the content of chats – not the metadata. WhatsApp still knows who you chat with most and at what time. This allows Meta to get a very close understanding of the social fabric around you.”

JD Sports customers hit by cyber attack

The sportswear chain has said stored data relating to 10 million customers may be at risk due to cyber attacks. This includes customer names, addresses, email accounts, phone numbers, order details, and bank cards’ last four digits.

JD has said it is contacting affected customers, although the group have stated it didn’t store full card details and believed no customer passwords were collected. Neil Greenhalgh, the Chief Financial Officer of JD Sports, said, “We want to apologise to those customers who may have been affected by this incident. Protecting the data of our customers is an absolute priority for JD.”

The cyber attack was related to orders placed through JD, Blacks, Scotts and Millet Sports, with only the historical data being accessed by hackers.

The company is said to be working with “leading cyber-security experts” and engaging with UK’s ICO.

If you are concerned about any cyber security issues within your business, contact us today on 01283 753 333 or email hello@neuways.com.