Jaguar Land Rover (JLR) has admitted some data may have been accessed by hackers following a cyber attack which halted production in late August.
In the wake of the attack, the car manufacturer initially said it had shut down IT systems to thwart attackers and contain the incident. However, the company has since admitted that some data has been compromised.
"As a result of our ongoing investigation, we now believe that some data has been affected and we are informing the relevant regulators,” JLR said in a statement on 10 September.
Exact details on what data has been impacted in the attack are yet to be revealed, but the company confirmed it plans to “contact anyone as appropriate if we find that their data has been impacted”.
What happened with the Jaguar Land Rover attack?
JLR initially confirmed a cyber attack had occurred in late August which severely disrupted systems. Reports on 1 September revealed the incident halted car production and forced the manufacturer to send workers home.
Production lines at a host of locations, including Solihull, Halewood, and Wolverhampton, have reportedly been lying dormant since the attack.
In its latest update on the incident, JLR said it has been “working around the clock” and coordinating with third-party cybersecurity specialists to get operations back up and running.
Responsibility for the cyber attack was claimed by a group called Scattered Lapsus$ Hunters, a combination of names belonging to three separate hacker groups, Scattered Spider, Lapsus$ and ShinyHunters.
Scattered Spider gained notoriety earlier this year after claiming responsibility for attacks on a host of retailers, including Marks & Spencer (M&S).
The supermarket chain has faced significant challenges in the wake of the attack, with operations severely disrupted for several months.
Jon Abbott, founder and CEO of cybersecurity firm ThreatAware, said the discovery that data was compromised adds insult to injury during a challenging period for JLR.
“The theft of data only deepens what is already a painful situation for Jaguar Land Rover,” he said.
“Any disruption to operations and delays to production damage a business’s brand, and the addition of stolen data only further undermines customer trust and relationships.”
Customers advised to remain vigilant
While JLR is yet to confirm what data had been stolen, Abbott nonetheless advised customers to remain vigilant for potential phishing scams in the wake of the incident.
This is a common tactic employed by threat actors following any attack or data breach affecting customer information, such as email addresses or contact details.
“If they (employees) receive unsolicited emails claiming to be from Jaguar Land Rover and asking for sensitive information, they should exercise extreme caution,” he said.
Darren Williams, CEO and founder of BlackFog, echoed Abbott’s comments, adding that this was a trend in the wake of previous attacks by the Scattered Spider group.
“The Scattered Spider group has claimed responsibility and data exfiltration was a significant part of its previous attacks,” he explained.
“Past incidents have seen attackers getting their hands on large volumes of customer information, which not only carry a value on the dark web but can also be used in identity theft and targeted attacks.”
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
Gender diversity improvements could be the key to tackling the UK's AI skills shortageNews Encouraging more women to pursue tech careers could plug huge gaps in the AI workforce
-
Researchers claim Salt Typhoon masterminds learned their trade at Cisco Network AcademyNews The Salt Typhoon hacker group has targeted telecoms operators and US National Guard networks in recent years
-
Researchers claim Salt Typhoon masterminds learned their trade at Cisco Network Academy
News The Salt Typhoon hacker group has targeted telecoms operators and US National Guard networks in recent years
-
Trend Micro issues warning over rise of 'vibe crime' as cyber criminals turn to agentic AI to automate attacksNews Trend Micro is warning of a boom in 'vibe crime' - the use of agentic AI to support fully-automated cyber criminal operations and accelerate attacks.
-
Cyber budget cuts are slowing down, but that doesn't mean there's light on the horizon for security teamsNews A new ISC2 survey indicates that both layoffs and budget cuts are on the decline
-
NCSC issues urgent warning over growing AI prompt injection risks – here’s what you need to knowNews Many organizations see prompt injection as just another version of SQL injection - but this is a mistake
-
Chinese hackers are using ‘stealthy and resilient’ Brickstorm malware to target VMware servers and hide in networks for months at a timeNews Organizations, particularly in the critical infrastructure, government services, and facilities and IT sectors, need to be wary of Brickstorm
-
AWS CISO Amy Herzog thinks AI agents will be a ‘boon’ for cyber professionals — and teams at Amazon are already seeing huge gainsNews AWS CISO Amy Herzog thinks AI agents will be a ‘boon’ for cyber professionals, and the company has already unlocked significant benefits from the technology internally.
-
The Scattered Lapsus$ Hunters group is targeting Zendesk customers – here’s what you need to knowNews The group appears to be infecting support and help-desk personnel with remote access trojans and other forms of malware
-
Impact of Asahi cyber attack laid bare as company confirms 1.5 million customers exposedNews No ransom has been paid, said president and group CEO Atsushi Katsuki, and the company is restoring its systems
