Home / News & Resources / Hayes Connor in the news / Cyber attack at Mercedes dealership as 100 staff begin legal action after ‘personal data accessed’

Cyber attack at Mercedes dealership as 100 staff begin legal action after ‘personal data accessed’

  • Posted on

Legal action is being taken by 106 current and former staff members from Mercedes dealership LSH Auto, which has sites in Erdington and Solihull.

A sophisticated cyber attack at a Mercedes dealership led to 'personal data of more than 100 staff being accessed', a law firm has claimed. The security breach has now prompted staff to take legal action against their employers.

Staff from the Mercedes dealership LSH Auto - which has sites in Erdington and Solihull - have been affected. The 'security incident' happened in June last year.

But today specialist data breach law firm Hayes Connor confirmed the start of the group's legal flight. It includes both current workers at LSH’s eight dealerships and former members of staff.

The 106-strong group were first contacted by bosses at the firm by letter more than six months ago which led to serious concerns among those affected. But Hayes Connor said that they "failed to get any answers from the company as to how their data had been breached and what happened to it."

A letter warned staff the business had suffered a "security incident" on June 3, last year, which “may have resulted in unauthorised access to your personal data”. It went on to say that the cyber attack was carried out by "unknown and unauthorised individual(s)."

Experts at Hayes Connor have been working with a growing number of people affected by the breach since then. The firm said the action was a bid to find out exactly how the cyber attack could have happened and what data had been accessed.

It is feared bank details, National Insurance numbers and other personal information could have been compromised in the attack. This, the group’s legal advisers say, has caused them "months of concern as they wait to find out more."

“The initial letter caused huge concern amongst those affected," said Christine Sabino, a Legal Director from Hayes Connor. "Being told out of the blue that your data has been breached is worrying enough, but all of those affected still don’t know which data was accessed and what might have happened to it.

“Whether they still work for this dealership or not, every single one of our clients has a right to know exactly what went wrong here. LSH owes each and every person affected an explanation for this unnecessary distress and should say what they intend to do for them.”

She added: “LSH should also assure the people affected that this sort of incident won’t happen again and outline what steps they have taken to protect everyone’s data for the future. The very least you can expect from a current or former employer is that your private, highly personal information is kept safe but, sadly, we are seeing more and more of these cases and it’s a real concern for the people affected.”

LSH Auto operates from a number of sites in the the Midlands and the North West. It said their investigations found there was "no evidence that any potentially compromised data had been misused."

Martyn Webb, the managing director at LSH Auto UK, said: “In June 2021, LSH Auto UK was the victim of a sophisticated cyber-attack contained to its UK business. We take the security of our systems and data extremely seriously, and so we immediately took action to protect our systems and engaged forensic specialists to investigate the incident.

"We took immediate steps to protect our employees and communicate with them, offering all current and former employees support through a dedicated advice helpline and free credit checks. Our investigations concluded that there was no evidence that any potentially compromised data had been misused and the Information Commissioner’s Office subsequently confirmed that it would not be taking any further action.

“We are sorry this happened and the uncertainty that it caused, we take such matters seriously and have and continue to take all necessary steps to protect against cyber-attacks.”