Jaguar Land Rover has confirmed not only intense disruption to its operations after a cyberattack, but also that customer data was compromised.
In early September 2025, British carmaker Jaguar Land Rover (JLR) announced that they had experienced a serious cyberattack. The attack forced the company to shut down or disconnect many of its systems. The impact of this led to widespread disruption of both manufacturing plants and retail operations e.g. dealerships were unable to register new vehicles or supply spare parts.
Initially, JLR said there was no evidence that customer data had been stolen. However, as the investigation progressed, the company admitted that there had been a data breach.
When the Factory Lights Went Out
The cyberattack hit at one of JLR’s busiest times of the year – this is when new registration plates are launched in the UK – so it’s fair to say that this created a sense of urgency for JLR and gave the attackers a strong vantage point.
To minimize the impact of the attack, JLR had to shut down its systems all over the world. This meant factories in the UK, China, Slovakia, and India had to be closed. Staff were sent home, dealerships were left in limbo, and various companies within JLR’s supply chain were left facing bankruptcy.
At present, JLR has declined to publicly share the nature of the attack – a common step when an attack is still active to minimize any further exploitation. However, many experts suggest that disconnecting so many systems at once is a telltale sign of attempting to thwart the spread of ransomware.
While it has been confirmed that a data breach is likely to have occurred, JLR remain tight-lipped on exactly what data has been compromised. JLR are continuing to investigate the attack and has confirmed it will contact the relevant regulators when any breached data has been identified. At first, no responsibility was claimed for the attack, but a hacking group known as Scattered Spider has now stepped forward. Believed to comprise a collective of teenagers and young adults, Scattered Spider has already created headlines this year with their attacks on major British organizations.
Turning Lessons into Everyday Security
The attack which has struck at the heart of JLR, could easily be replicated against your own organization. Therefore, it’s crucial that you understand the best methods for fortifying your defenses and securing your data. Ophtek’s best tips to achieve this are:
- Keep Software and Devices Updated: Many attacks exploit vulnerabilities where patches are available but haven’t been installed. Accordingly, installing updates for your operating system, applications, and firmware can repair these security holes before hackers get in.
- Use Strong Passwords and Multi-Factor Authentication: Educate your employees on the importance of password security and how to create strong, unique passwords. And, where possible, always enable multi-factor authentication to install an additional layer of protection.
- Backup Securely: Regular backups are critical when it comes to securing your data. As well as creating regular backups, make sure that multiple backups are created and stored in both online and offline environments. The best way, in our opinion, is following the 3-2-1 backup method.
