It was reported yesterday that customers were emailed about the attack which happened just before Christmas and caused the car giant to shut down its entire computer network.
Information which may have been stolen includes bank details and ID documents.
The firm which has more than 200 dealerships across the UK has not revealed how many customers had been impacted.
A spokesperson for Arnold Clark said: “On the evening of December 23, 2022, Arnold Clark Automobiles was a victim of a cyber attack.
“Our external security network consultants alerted us to unusual activity on our network, and we immediately took steps to minimise the impact of the attack by removing all external connections to our network to protect our customer data, third-party partners and our systems.
“While we were initially advised that all our data was secure, unfortunately, in the course of our investigation, it has become clear that during this incident, the attackers were able to steal copies of some data that we hold.
“Due to the type of cyber attack that we have been subjected to, it is extremely difficult to accurately identify what has been stolen; however, our teams are working with our external advisors to understand the exact nature and extent of that data.”
The spokesperson added: “During this incident we have been in constant communication with the regulatory authorities and have sought useful guidance from the police, and we will continue to do so to help other companies learn from our experience and be better prepared for possible situations such as this.