Jaguar Land Rover Acknowledges Data Breach After Cyberattack

Jaguar Land Rover Acknowledges Data Breach After Cyberattack

Jaguar Land Rover (JLR) has officially confirmed that data theft occurred during a recent cyberattack that forced the automaker to shut down production systems and instruct staff not to report to work.

🔍 Key Details:

• Incident disclosed Sept 2; confirmed data theft on Sept 10.
• Attack severely disrupted production activities.
• JLR engaged UK National Cyber Security Centre (NCSC) and third-party specialists to restore systems.
• Notifications sent to regulators; forensic investigation ongoing.

📌 Official Statement:

“We now believe that some data has been affected and we are informing the relevant regulators. Our forensic investigation continues at pace and we will contact anyone as appropriate if we find that their data has been impacted.”

👥 Who is behind it?
While JLR has not attributed the attack, a group calling itself “Scattered Lapsus$ Hunters” claimed responsibility on Telegram, posting screenshots of internal SAP systems and alleging the deployment of ransomware.
This group is reportedly linked to Lapsus$, Scattered Spider, and ShinyHunters, all known for extortion campaigns and supply chain attacks.

🌍 Wider Impact
The same group is tied to Salesforce OAuth token theft attacks, impacting companies such as Google, Cloudflare, Elastic, Palo Alto Networks, Zscaler, Proofpoint, BeyondTrust, Tenable, Workday, JFrog, HackerOne, and more.

🚗 About JLR

• Subsidiary of Tata Motors India
• ~$38B annual revenue
• 39,000 employees, 400,000+ vehicles annually

⚠️ Takeaway
The JLR incident underscores the growing threat to automotive supply chains, where ransomware and data theft disrupt both operations and trust.

At Alcaeus Services, we support organizations in incident response, supply chain monitoring, and resilience planning to mitigate the impact of such high-profile attacks.