Jaguar Land Rover Confirms Data Theft in Cyber Attack

Share this article
Share this article
Prioritise Us on Google
JLR Vehicle (Credit: JLR)
Cyber attack on Jaguar Land Rover is confirmed to have resulted in data theft, impacting production and prompting regulatory notifications

Jaguar Land Rover (JLR) has confirmed that the massive cyber incident disrupting its operations has also led to the theft of company data. 

The breach, which forced factory closures across the UK and abroad, epitomises the growing cybersecurity threats facing global manufacturers.

“The confirmation that data has been compromised, alongside severe disruption to its operations, should come as no surprise,” says Dr Darren Williams, Founder and CEO of BlackFog, a leader in ransomware prevention and Anti Data Exfiltration (ADX).

Dr Darren Williams, Founder and CEO of BlackFog

“JLR is still working hard to restore its systems and, while it has yet to confirm the nature and amount of data impacted in the attack, customers should be vigilant.”

JLR confirms data theft in cyber attack

JLR has officially acknowledged that sensitive data was compromised in the cyber attack that has paralysed its production lines and dealer operations since 31 August. 

In a statement, the luxury automaker says its forensic investigation had found “some data has been affected”.

“Since we became aware of the cyber incident, we have been working around the clock, alongside third‑party cybersecurity specialists, to restart our global applications in a controlled and safe manner,” JLR says.

“As a result of our ongoing investigation, we now believe that some data has been affected and we are informing the relevant regulators. 

“Our forensic investigation continues at pace and we will contact anyone as appropriate if we find that their data has been impacted.

“We are very sorry for the continued disruption this incident is causing and we will continue to update as the investigation progresses.”

Global operations disrupted

The hack has had a significant impact on JLR’s global manufacturing operations. 

Production has been halted at its plants in Solihull, Halewood and Wolverhampton and workers have been sent home with no confirmed restart date. 

Dealerships have also been affected, with delays in registering vehicles preventing customers from collecting new cars during one of the automotive industry’s busiest periods – the biannual release of new numberplates.

The shutdown is estimated to be costing the Tata-owned carmaker around £5m (US$6.8m) per day in lost revenue. 

According to former Land Rover Chief Engineer Dr Charles Tennant, JLR typically generates around £75m (US101.3m) in daily turnover, meaning even a short disruption could inflict significant financial damage.

Dr Charles Tennant, former Chief Engineer at JLR

Suppliers are feeling the effects too, with some stating operations are impacted due to lack of access to JLR’s computer systems and databases.

Who is responsible for the JLR attack?

While the precise source of the attack has not been confirmed, a group of hackers has claimed responsibility. 

Cybercriminals linked to previous intrusions at the likes of M&S have posted screenshots online, allegedly taken from JLR’s internal IT systems. 

Observers have noted similarities with groups including Scattered Spider, Lapsus$ and ShinyHunters, known for high-profile breaches across major firms.

Youtube Placeholder

Darren adds: “The Scattered Spider group has claimed responsibility and data exfiltration was a significant part of its previous attacks. Past incidents have seen attackers getting their hands on large volumes of customer information, which not only carry a value on the dark web but can also be used in identity theft and targeted attacks. 

“Data exfiltration is now the primary MO of these ransomware gangs and organisations must concentrate their defences on stopping intruders from accessing and stealing their mission-critical information.”  

In the House of Commons earlier this week, business minister Sir Chris Bryant said he could “neither confirm nor deny” speculation that the incident was state-sponsored. 

Sir Chris Bryant, Minister of State at the Department for Business and Trade

Regardless, the breach highlights once again the growing threat to UK critical industries from increasingly sophisticated cyber actors.

The data and cyber fallout

The fact that data has been stolen escalates the breach from an operational crisis to a regulatory and trust challenge. 

The Information Commissioner’s Office (ICO) has already been informed of the attack, though JLR has not publicly specified what kinds of data were accessed. 

With regulators involved, the company could face scrutiny under data protection laws and potentially regulatory fines if customer or employee information was insufficiently protected.

For the automotive industry – which increasingly depends on connected technologies, digital services and supplier ecosystems – the JLR incident is a stark reminder of how disruptive and expensive cyber attacks can be, as well as undermining public trust and long-term brand reputation.