
Jaguar Land Rover Cyberattack Disrupts Production and Retail Operations

📰 2 unique sources, 3 articles

Summary

Jaguar Land Rover (JLR) experienced a cyberattack that severely disrupted its production and retail operations. The incident forced the company to shut down several systems over the weekend, including those at the Solihull plant. Customer data appears to have been affected. JLR is working to restore operations but has not provided a timeline or details about the attack. The attack occurred during the launch of new registration plates, a busy period for JLR. This is the second cyberattack JLR has suffered this year. The incident had a global impact, affecting multiple manufacturing plants in the UK. No ransomware group has officially claimed responsibility, but a group called "Scattered Lapsus$ Hunters" has claimed involvement. JLR operates under Tata Motors India and produces over 400,000 vehicles annually, employing 39,000 people.

Timeline

  1. 10.09.2025 18:29 📰 1 article

    Data Theft Confirmed and Potential Attacker Identified

    Jaguar Land Rover (JLR) confirmed that attackers stole "some data" during the recent cyberattack. The company has notified the relevant authorities about the data breach. JLR has been working with the U.K. National Cyber Security Centre (NCSC) to investigate the incident. A group calling itself "Scattered Lapsus$ Hunters" has claimed responsibility for the breach on Telegram, sharing screenshots of an internal JLR SAP system and claiming to have deployed ransomware. This group is associated with the Lapsus$, Scattered Spider, and ShinyHunters extortion groups and is known for widespread Salesforce data theft attacks using social engineering and stolen Salesloft Drift OAuth tokens.

  2. 02.09.2025 17:23 📰 2 articles

    Jaguar Land Rover Cyberattack Disrupts Production and Retail Operations

    Jaguar Land Rover (JLR) experienced a cyberattack that severely disrupted its production and retail operations. The incident forced the company to shut down several systems over the weekend, including those at the Solihull plant. Customer data appears unaffected. JLR is working to restore operations but has not provided a timeline or details about the attack. The attack occurred during the launch of new registration plates, a busy period for JLR. This is the second cyberattack JLR has suffered this year. The incident had a global impact, affecting multiple manufacturing plants in the UK. No ransomware group has claimed responsibility. JLR operates under Tata Motors India and produces over 400,000 vehicles annually, employing 39,000 people.


Similar Happenings

Bridgestone Americas manufacturing facilities impacted by cyberattack

Bridgestone Americas, the North American arm of Bridgestone, is investigating a cyberattack affecting multiple manufacturing facilities in North America. The incident impacted operations in Aiken County, South Carolina, and Joliette, Quebec, leading to the suspension of operations at the latter. Bridgestone's rapid response reportedly contained the attack early, preventing customer data theft or deep network infiltration. The attack began on September 2, 2025. Bridgestone operates 50 production facilities and employs 55,000 people in North America, representing roughly 43% of Bridgestone Corporation's total size. The company is working to mitigate the impact and maintain business continuity. No threat actor or group has claimed responsibility for the attack.

Nevada State Cyber Attack: CISA and Partners Provide Real-Time Incident Response

On August 24, 2025, a cyber attack targeted Nevada, impacting essential services. The Cybersecurity and Infrastructure Security Agency (CISA) and its partners are providing real-time incident response to assist the state in restoring critical services and rebuilding its systems. The investigation into the attack's origins is ongoing. CISA's Threat Hunting teams are actively examining state networks to identify the full scope of the incident and mitigate threats. The Federal Bureau of Investigation (FBI) is assisting in the investigation, and the Federal Emergency Management Agency (FEMA) is advising on emergency response grants and other available assistance. CISA has cybersecurity experts embedded in communities nationwide, offering a range of no-cost services to protect governments’ networks and critical services.

Data I/O hit by ransomware attack impacting operations

Data I/O, a Redmond, Washington-based tech manufacturer, experienced a ransomware attack on August 16, 2025. The incident affected shipping, manufacturing, production, and other functions. The company activated incident response protocols, taking systems offline and implementing mitigation measures. As of August 21, 2025, the full scope and impact of the attack remain unknown, and the company is still working to restore affected systems. The attack has not yet been determined to have a material impact on the company's financial statements and results of operations, but the costs related to the incident, including cybersecurity experts and system restoration, are expected to be significant.

Citrix NetScaler ADC and Gateway vulnerabilities actively exploited

Citrix has released patches for three vulnerabilities in NetScaler ADC and NetScaler Gateway. One of these vulnerabilities, CVE-2025-7775, is a zero-day flaw actively exploited in the wild. The flaws affect various configurations and can lead to remote code execution, denial-of-service, or improper access control. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-7775 to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to remediate the flaw within 48 hours. The vulnerabilities were discovered by security researchers Jimi Sebree, Jonathan Hetzer, and François Hämmerli. Nearly 20% of NetScaler assets identified are on unsupported, end-of-life versions, primarily in North America and the APAC region.

Lab-Dookhtegan hacktivists disrupt Iranian maritime communications

Hacktivist group Lab-Dookhtegan disrupted communications on dozens of Iranian cargo ships and tankers. The attack involved gaining administrative access to Linux systems running the ships' satellite terminals, disabling critical software, and overwriting storage partitions. The incident affected 25 cargo ships and 39 tankers operated by the National Iranian Tanker Company (NITC) and the Islamic Republic of Iran Shipping Lines (IRISL). The attackers exploited a vulnerability in an IT vendor's systems, gaining access as early as May 2025. They systematically destroyed data and rendered automatic identification systems (AIS) and satellite links inoperable. The disruption could result in weeks or months of downtime per ship. The attack coincides with geopolitical tensions and US sanctions against Iranian companies.