Jaguar Land Rover (JLR) confirmed right now that attackers additionally stole “some knowledge” throughout a latest cyberattack that compelled it to close down programs and instruct employees to not report back to work.
JRL capabilities as a standalone entity underneath Tata Motors India after its buy from Ford in 2008. With an annual income of over $38 billion (£29 billion), JLR employs roughly 39,000 folks and makes greater than 400,000 autos every year.
The car producer disclosed the assault on September 2, stating that its “manufacturing actions have been severely disrupted.” JLR has been working to restart its operations and investigating the incident since then with the assistance of the U.Okay. Nationwide Cyber Safety Centre (NCSC).
In right now’s assertion, the corporate additionally introduced that it has notified the related authorities concerning the data breach.
“Since we grew to become conscious of the cyber incident, we have now been working across the clock, alongside third‑get together cybersecurity specialists, to restart our international purposes in a managed and secure method,” JLR stated.
“Because of our ongoing investigation, we now consider that some knowledge has been affected and we’re informing the related regulators. Our forensic investigation continues at tempo and we are going to contact anybody as applicable if we discover that their knowledge has been impacted.”
JLR did not reply to a request for remark when BleepingComputer reached out to ask for extra details about the incident and its potential influence on clients.
Whereas JLR has confirmed that the risk actors have stolen data from its compromised programs, the corporate has but to attribute the assault to a selected cybercrime group, and no recognized ransomware gangs have taken duty for the assault.
Nevertheless, a loosely knit group of cybercriminals calling themselves “Scattered Lapsus$ Hunters” has claimed duty for the breach on Telegram, sharing screenshots of an inner JLR SAP system and saying that they’ve additionally deployed ransomware on the corporate’s compromised programs.
This group claims to encompass cybercriminals related to the Lapsus$, Scattered Spider, and ShinyHunters extortion teams. This similar group can be behind widespread Salesforce knowledge theft assaults that used social engineering and stolen Salesloft Drift OAuth tokens to steal knowledge from quite a few firms.
The record of firms whose Salesforce cases have been breached in these assaults contains Google, Cloudflare, Elastic, Palo Alto Networks, Zscaler, Tenable, Proofpoint, CyberArk, BeyondTrust, JFrog, Fastly, Qualys, Workday, Cato Networks, HackerOne, BugCrowd, and Rubrik.
46% of environments had passwords cracked, practically doubling from 25% final 12 months.
Get the Picus Blue Report 2025 now for a complete take a look at extra findings on prevention, detection, and knowledge exfiltration developments.
