Jaguar Land Rover (JLR) has admitted some data may have been accessed by hackers following a cyber attack which halted production in late August.
In the wake of the attack, the car manufacturer initially said it had shut down IT systems to thwart attackers and contain the incident. However, the company has since admitted that some data has been compromised.
"As a result of our ongoing investigation, we now believe that some data has been affected and we are informing the relevant regulators,” JLR said in a statement on 10 September.
Exact details on what data has been impacted in the attack are yet to be revealed, but the company confirmed it plans to “contact anyone as appropriate if we find that their data has been impacted”.
What happened with the Jaguar Land Rover attack?
JLR initially confirmed a cyber attack had occurred in late August which severely disrupted systems. Reports on 1 September revealed the incident halted car production and forced the manufacturer to send workers home.
Production lines at a host of locations, including Solihull, Halewood, and Wolverhampton, have reportedly been lying dormant since the attack.
In its latest update on the incident, JLR said it has been “working around the clock” and coordinating with third-party cybersecurity specialists to get operations back up and running.
Responsibility for the cyber attack was claimed by a group called Scattered Lapsus$ Hunters, a combination of names belonging to three separate hacker groups, Scattered Spider, Lapsus$ and ShinyHunters.
Scattered Spider gained notoriety earlier this year after claiming responsibility for attacks on a host of retailers, including Marks & Spencer (M&S).
The supermarket chain has faced significant challenges in the wake of the attack, with operations severely disrupted for several months.
Jon Abbott, founder and CEO of cybersecurity firm ThreatAware, said the discovery that data was compromised adds insult to injury during a challenging period for JLR.
“The theft of data only deepens what is already a painful situation for Jaguar Land Rover,” he said.
“Any disruption to operations and delays to production damage a business’s brand, and the addition of stolen data only further undermines customer trust and relationships.”
Customers advised to remain vigilant
While JLR is yet to confirm what data had been stolen, Abbott nonetheless advised customers to remain vigilant for potential phishing scams in the wake of the incident.
This is a common tactic employed by threat actors following any attack or data breach affecting customer information, such as email addresses or contact details.
“If they (employees) receive unsolicited emails claiming to be from Jaguar Land Rover and asking for sensitive information, they should exercise extreme caution,” he said.
Darren Williams, CEO and founder of BlackFog, echoed Abbott’s comments, adding that this was a trend in the wake of previous attacks by the Scattered Spider group.
“The Scattered Spider group has claimed responsibility and data exfiltration was a significant part of its previous attacks,” he explained.
“Past incidents have seen attackers getting their hands on large volumes of customer information, which not only carry a value on the dark web but can also be used in identity theft and targeted attacks.”
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
Enterprise AI adoption is about to get the Big Brother treatmentOpinion Worried your staff aren’t using those shiny AI tools you petitioned for? Big tech has you covered
-
Dreamforce 2025: What's an agentic OS?ITPro Podcast NPUs, e-ink, and immersive headsets are the latest hardware innovations for business devices
-
Former NCSC head says the Jaguar Land Rover attack was the 'single most financially damaging cyber event ever to hit the UK' as impact laid bareNews Researchers said they place the UK financial impact of the attack on Jaguar Land Rover at around £1.9 billion.
-
Volkswagen confirms security ‘incident’ amid ransomware breach claimsNews Volkswagen has confirmed a security "incident" has occurred, but insists no IT systems have been compromised.
-
Cyber experts have been warning about AI-powered DDoS attacks – now they’re becoming a realityNews DDoS attackers are flocking to AI tools and solutions to power increasingly devastating attacks
-
Microsoft issues warning over “opportunistic” cyber criminals targeting big businessNews Microsoft has called on governments to do more to support organizations
-
Europol takes down SIM farm network that scammed thousands of victimsNews The sophisticated operation led to crimes from simple phishing to investment fraud
-
Thousands of exposed civil servant passwords are up for grabs onlineNews While the password security failures are concerning, they pale in comparison to other nations
-
77% of security leaders say they'd fire staff who fall for phishing scams, even though they've done the same thingNews A new report uncovers worrying complacency amongst IT and security leaders
-
Hackers stole source code, bug details in disastrous F5 security incident – here’s everything we know and how to protect yourselfNews CISA has warned the F5 security incident presents a serious threat to federal networks
