Jaguar Land Rover Confirms Data Theft in Major Cyber Attack
Jaguar Land Rover (JLR) has revealed that the large-scale cyberattack halting its operations also resulted in sensitive company data being stolen.
The breach, which triggered factory shutdowns across the UK and overseas, underscores the escalating cybersecurity risks confronting global manufacturers.
“The confirmation that data has been compromised, alongside severe disruption to its operations, should come as no surprise,” says Dr Darren Williams, Founder and CEO of BlackFog, a leader in ransomware prevention and Anti Data Exfiltration (ADX).
“JLR is still working hard to restore its systems and, while it has yet to confirm the nature and amount of data impacted in the attack, customers should be vigilant.”
JLR confirms data theft in cyber attack
JLR has confirmed that sensitive data was compromised in the cyberattack that has crippled its production lines and dealer operations since 31 August.
In an official statement, the luxury carmaker says its forensic investigation had determined that “some data has been affected”.
“Since we became aware of the cyber incident, we have been working around the clock, alongside third‑party cybersecurity specialists, to restart our global applications in a controlled and safe manner,” JLR says.
“As a result of our ongoing investigation, we now believe that some data has been affected and we are informing the relevant regulators.
“Our forensic investigation continues at pace and we will contact anyone as appropriate if we find that their data has been impacted.
“We are very sorry for the continued disruption this incident is causing and we will continue to update as the investigation progresses.”
Global operations disrupted
The cyberattack has severely disrupted JLR’s global manufacturing network.
Production remains suspended at its Solihull, Halewood and Wolverhampton plants, with staff sent home and no confirmed date for operations to resume.
Its retail operations are also struggling, as delays in vehicle registrations have left customers unable to collect new cars during the crucial biannual launch of numberplates.
The shutdown is projected to cost the Tata-owned manufacturer around £5m (US$6.8m) in lost revenue each day.
Former Land Rover Chief Engineer Dr Charles Tennant notes that JLR typically generates about £75m (US$101.3m) in daily turnover, meaning even short-term disruption carries a heavy financial toll.
Suppliers are feeling the effects too, with some stating operations are impacted due to lack of access to JLR’s computer systems and databases.
Who is responsible for the JLR attack?
Although the exact origin of the attack remains unverified, a hacker group has claimed responsibility.
Cybercriminals previously connected to incidents at companies such as M&S have shared screenshots online, allegedly taken from JLR’s internal systems.
Experts have highlighted similarities with groups like Scattered Spider, Lapsus$ and ShinyHunters, which have been linked to major breaches targeting leading global firms.
Darren adds: “The Scattered Spider group has claimed responsibility and data exfiltration was a significant part of its previous attacks. Past incidents have seen attackers getting their hands on large volumes of customer information, which not only carry a value on the dark web but can also be used in identity theft and targeted attacks.
“Data exfiltration is now the primary MO of these ransomware gangs and organisations must concentrate their defences on stopping intruders from accessing and stealing their mission-critical information.”
In the House of Commons earlier this week, business minister Sir Chris Bryant stated he could “neither confirm nor deny” speculation that the cyberattack was state-sponsored.
Regardless, the breach highlights once again the growing threat to UK critical industries from increasingly sophisticated cyber actors.
The data and cyber fallout
The theft of data shifts the breach from an operational disruption to a regulatory and reputational crisis.
JLR has notified the Information Commissioner’s Office (ICO), though it has not disclosed what categories of data were taken.
Regulatory scrutiny now looms, with potential penalties under data protection laws if personal or employee information was inadequately secured.
For the automotive sector – increasingly reliant on connected technologies, digital platforms and complex supply chains – the JLR breach is a clear warning of the financial, operational and brand damage that cyberattacks can inflict.
