Sandicliffe Motor Group, a vehicle dealership with a total of 10 sites in Nottingham, Leicester and Loughborough has revealed details of a cyber-attack.  It has been reported that the incident may have affected “thousands” of staff and customers.


On becoming aware of the breach on 20 February this year Sandcliffe immediately launched an investigation and reported the incident to the Information Commissioner’s Office.


The incident is said to have occurred when a member of staff opened a link in an unsolicited email.  It is understood that this resulted in the cyber criminals gaining access to a number of highly sensitive personal files.


Sandicliffe has contacted all employees (past and present) and those customers whose personal data may have been affected. The personal data believed to have been stolen includes:

  • name
  • date of birth
  • bank account number and sort code
  • NI number
  • passport
  • salary
  • medical history

Sandicliffe has advised all staff and customers to remain vigilant and to notify their bank immediately so that accounts can be monitored appropriately.


In a statement, the Managing Director for Sandicliffe, said:

“We can confirm Sandicliffe experienced a cybersecurity breach as a result of a sophisticated attack by a third party.

As soon as we became aware, we took immediate steps to contain and remedy the breach and security was quickly re-established.

Sandicliffe take data and IT security extremely seriously and this breach did not affect our ability to operate.

We have also complied with our legal requirements and have notified relevant affected individuals.”


It is not known why Sandcliffe has taken 9 months to notify the individuals affected. Especially given that they became aware of the breach in February!

If you have been affected by Sandicliffe’s data breach, get in touch with our team for advice.