Jaguar Land Rover u-turns on cyber attack containment claims, admits ‘some data has been affected’
The car manufacturer says the attack was worse than first thought
Jaguar Land Rover (JLR) has admitted some data may have been accessed by hackers following a cyber attack which halted production in late August.
In the wake of the attack, the car manufacturer initially said it had shut down IT systems to thwart attackers and contain the incident. However, the company has since admitted that some data has been compromised.
"As a result of our ongoing investigation, we now believe that some data has been affected and we are informing the relevant regulators,” JLR said in a statement on 10 September.
Exact details on what data has been impacted in the attack are yet to be revealed, but the company confirmed it plans to “contact anyone as appropriate if we find that their data has been impacted”.
What happened with the Jaguar Land Rover attack?
JLR initially confirmed a cyber attack had occurred in late August which severely disrupted systems. Reports on 1 September revealed the incident halted car production and forced the manufacturer to send workers home.
Production lines at a host of locations, including Solihull, Halewood, and Wolverhampton, have reportedly been lying dormant since the attack.
In its latest update on the incident, JLR said it has been “working around the clock” and coordinating with third-party cybersecurity specialists to get operations back up and running.
Responsibility for the cyber attack was claimed by a group called Scattered Lapsus$ Hunters, a combination of names belonging to three separate hacker groups, Scattered Spider, Lapsus$ and ShinyHunters.
Scattered Spider gained notoriety earlier this year after claiming responsibility for attacks on a host of retailers, including Marks & Spencer (M&S).
The supermarket chain has faced significant challenges in the wake of the attack, with operations severely disrupted for several months.
Jon Abbott, founder and CEO of cybersecurity firm ThreatAware, said the discovery that data was compromised adds insult to injury during a challenging period for JLR.
“The theft of data only deepens what is already a painful situation for Jaguar Land Rover,” he said.
“Any disruption to operations and delays to production damage a business’s brand, and the addition of stolen data only further undermines customer trust and relationships.”
Customers advised to remain vigilant
While JLR is yet to confirm what data had been stolen, Abbott nonetheless advised customers to remain vigilant for potential phishing scams in the wake of the incident.
This is a common tactic employed by threat actors following any attack or data breach affecting customer information, such as email addresses or contact details.
“If they (employees) receive unsolicited emails claiming to be from Jaguar Land Rover and asking for sensitive information, they should exercise extreme caution,” he said.
Darren Williams, CEO and founder of BlackFog, echoed Abbott’s comments, adding that this was a trend in the wake of previous attacks by the Scattered Spider group.
“The Scattered Spider group has claimed responsibility and data exfiltration was a significant part of its previous attacks,” he explained.
“Past incidents have seen attackers getting their hands on large volumes of customer information, which not only carry a value on the dark web but can also be used in identity theft and targeted attacks.”
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
What is Microsoft Maia?Explainer Microsoft's in-house chip is planned to a core aspect of Microsoft Copilot and future Azure AI offerings
-
If Satya Nadella wants us to take AI seriously, let’s forget about mass adoption and start with a return on investment for those already using itOpinion If Satya Nadella wants us to take AI seriously, let's start with ROI for businesses
-
90% of companies are woefully unprepared for quantum security threats – analysts say they need to get a move onNews Quantum security threats are coming, but a Bain & Company survey shows systems aren't yet in place to prevent widespread chaos
-
LastPass issues alert as customers targeted in new phishing campaignNews LastPass has urged customers to be on the alert for phishing emails amidst an ongoing scam campaign that encourages users to backup vaults.
-
NCSC names and shames pro-Russia hacktivist group amid escalating DDoS attacks on UK public servicesNews Russia-linked hacktivists are increasingly trying to cause chaos for UK organizations
-
An AWS CodeBuild vulnerability could’ve caused supply chain chaos – luckily a fix was applied before disaster struckNews A single misconfiguration could have allowed attackers to inject malicious code to launch a platform-wide compromise
-
There’s a dangerous new ransomware variant on the block – and cyber experts warn it’s flying under the radarNews The new DeadLock ransomware family is taking off in the wild, researchers warn
-
Supply chain and AI security in the spotlight for cyber leaders in 2026News Organizations are sharpening their focus on supply chain security and shoring up AI systems
-
Veeam patches Backup & Replication vulnerabilities, urges users to updateNews The vulnerabilities affect Veeam Backup & Replication 13.0.1.180 and all earlier version 13 builds – but not previous versions.
-
NHS supplier DXS International confirms cyber attack – here’s what we know so farNews The NHS supplier says front-line clinical services are unaffected
