Jaguar Land Rover (JLR) has admitted some data may have been accessed by hackers following a cyber attack which halted production in late August.
In the wake of the attack, the car manufacturer initially said it had shut down IT systems to thwart attackers and contain the incident. However, the company has since admitted that some data has been compromised.
"As a result of our ongoing investigation, we now believe that some data has been affected and we are informing the relevant regulators,” JLR said in a statement on 10 September.
Exact details on what data has been impacted in the attack are yet to be revealed, but the company confirmed it plans to “contact anyone as appropriate if we find that their data has been impacted”.
What happened with the Jaguar Land Rover attack?
JLR initially confirmed a cyber attack had occurred in late August which severely disrupted systems. Reports on 1 September revealed the incident halted car production and forced the manufacturer to send workers home.
Production lines at a host of locations, including Solihull, Halewood, and Wolverhampton, have reportedly been lying dormant since the attack.
In its latest update on the incident, JLR said it has been “working around the clock” and coordinating with third-party cybersecurity specialists to get operations back up and running.
Responsibility for the cyber attack was claimed by a group called Scattered Lapsus$ Hunters, a combination of names belonging to three separate hacker groups, Scattered Spider, Lapsus$ and ShinyHunters.
Scattered Spider gained notoriety earlier this year after claiming responsibility for attacks on a host of retailers, including Marks & Spencer (M&S).
The supermarket chain has faced significant challenges in the wake of the attack, with operations severely disrupted for several months.
Jon Abbott, founder and CEO of cybersecurity firm ThreatAware, said the discovery that data was compromised adds insult to injury during a challenging period for JLR.
“The theft of data only deepens what is already a painful situation for Jaguar Land Rover,” he said.
“Any disruption to operations and delays to production damage a business’s brand, and the addition of stolen data only further undermines customer trust and relationships.”
Customers advised to remain vigilant
While JLR is yet to confirm what data had been stolen, Abbott nonetheless advised customers to remain vigilant for potential phishing scams in the wake of the incident.
This is a common tactic employed by threat actors following any attack or data breach affecting customer information, such as email addresses or contact details.
“If they (employees) receive unsolicited emails claiming to be from Jaguar Land Rover and asking for sensitive information, they should exercise extreme caution,” he said.
Darren Williams, CEO and founder of BlackFog, echoed Abbott’s comments, adding that this was a trend in the wake of previous attacks by the Scattered Spider group.
“The Scattered Spider group has claimed responsibility and data exfiltration was a significant part of its previous attacks,” he explained.
“Past incidents have seen attackers getting their hands on large volumes of customer information, which not only carry a value on the dark web but can also be used in identity theft and targeted attacks.”
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
Everything we know about the Plex data breach so farNews Plex advised users to sign out of any connected devices that are currently logged in and enable two-factor authentication if they haven’t already.
-
Mainframes are back in vogueNews Mainframes are back in vogue, according to research from Kyndryl, with enterprises ramping up hybrid IT strategies and generative AI adoption.
-
Everything we know about the Plex data breach so far
News Plex advised users to sign out of any connected devices that are currently logged in and enable two-factor authentication if they haven’t already.
-
Prolific ransomware operator added to Europe’s Most Wanted list as US dangles $10 million rewardNews The US Department of Justice is offering a reward of up to $10 million for information leading to the arrest of Volodymyr Viktorovych Tymoshchuk, an alleged ransomware criminal.
-
FBI warns 'indiscriminate' Salt Typhoon hacking campaign has hit organizations in more than 80 countriesNews The Salt Typhoon hacker group has waged several major campaigns against US telecoms companies and critical infrastructure operators – now it's ramping up attacks globally.
-
Salesloft Drift hackers had access to company GitHub account for months before attacksNews Hackers behind the Salesloft Drift breach had access to the company’s GitHub account for several months before waging a flurry of attacks, the company has revealed.
-
Gen Z has a cyber hygiene problemNews A new survey shows Gen Z is far less concerned about cybersecurity than older generations
-
Cybersecurity experts issue urgent warning amid surge in Stealerium malware attacksNews Proofpoint said Stealerium has flown under the radar for some time now, but researchers have observed a huge spike in activity between May and August this year.
-
Hackers are using AI to dissect threat intelligence reports and ‘vibe code’ malwareNews TrendMicro has called for caution on how much detail is disclosed in security advisories
-
Security experts call for better 'offboarding' practices amid spate of insider attacks by outgoing staffNews Enterprises should act swiftly to revoke rights and access, regardless of the manner of an employee’s departure.
