Jaguar Land Rover Confirms Data Breach After Cyberattack
▼ Summary
– Jaguar Land Rover (JLR) confirmed that a recent cyberattack resulted in the theft of some data and severely disrupted production activities.
– The company, which employs 39,000 people and produces over 400,000 vehicles annually, is working with the UK National Cyber Security Centre and third-party cybersecurity specialists to investigate and restart operations.
– JLR has notified relevant regulators about the data breach and will contact individuals if their data is found to be impacted.
– A group called “Scattered Lapsus$ Hunters” claimed responsibility on Telegram, sharing screenshots of an internal JLR system and stating they deployed ransomware.
– This group, associated with Lapsus$, Scattered Spider, and ShinyHunters, is also behind widespread Salesforce data theft attacks affecting companies like Google, Cloudflare, and Palo Alto Networks.
Jaguar Land Rover has officially confirmed a significant data breach following a recent cyberattack that disrupted its global operations. The luxury automaker, which operates as a subsidiary of Tata Motors, was forced to temporarily shut down systems and instruct employees not to report to work as it worked to contain the incident. With annual revenues exceeding $38 billion and a workforce of around 39,000 people, the impact of this breach extends across its extensive production and corporate networks.
The company first disclosed the cyber incident on September 2, noting that production had been severely affected. Since then, JLR has been collaborating with the U.K. National Cyber Security Centre and external cybersecurity experts to restore systems safely. In its latest update, the automaker acknowledged that some data was stolen during the attack, though specific details regarding the type or volume of compromised information remain unclear. Regulatory bodies have been notified as the forensic investigation continues.
JLR emphasized that its team has been working around the clock to manage the fallout and restart applications in a controlled manner. The company also committed to contacting affected individuals should their personal data be identified among the stolen information. Despite repeated requests for comment, JLR has not provided further specifics about the potential impact on customers or the full scope of the intrusion.
While no well-known ransomware group has publicly claimed responsibility for the attack, a collective identifying itself as “Scattered Lapsus$ Hunters” has posted on Telegram alleging involvement. The group shared screenshots purportedly taken from JLR’s internal SAP systems and claimed to have deployed ransomware. This same threat actor has been linked to recent large-scale data theft campaigns targeting Salesforce instances through social engineering and stolen OAuth tokens.
The broader attack campaign attributed to this group has impacted a number of high-profile organizations, including Google, Cloudflare, Palo Alto Networks, and Workday, among others. The use of compromised third-party applications highlights a growing trend in supply chain and identity-based attacks, putting major enterprises at continued risk. As JLR works to recover and reinforce its defenses, the incident underscores the critical importance of robust cybersecurity measures throughout the automotive and technology sectors.
(Source: Bleeping Computer)
