Jaguar Land Rover (JLR) data theft during breach
Data Leak
Summary
Hide ▲
Show ▼
Jaguar Land Rover (JLR) confirmed that attackers stole some data during a cyberattack that disrupted production and forced systems offline. The company said its investigation is ongoing with the U.K. NCSC and relevant regulators, and it has not attributed the intrusion to a specific group. JLR also said it will contact affected people if its forensic work finds their data was impacted. A separate claim from Scattered Lapsus$ Hunters says the group deployed ransomware and posted internal SAP screenshots on Telegram, but that claim is not yet attributed by JLR.
Related Happenings
Vercel hit by network compromise
Incident
First: 19.04.2026 20:32
Last: 19.04.2026 20:32
Sources 1
About this happening:
Vercel disclosed unauthorized access to certain internal systems and said a limited subset of customers was affected, while services remained operational during the investigation...
Vercel hit by network compromise
IncidentAbout this happening: Vercel disclosed unauthorized access to certain internal systems and said a limited subset of customers was affected, while services remained operational during the investigation...
Latest development: 21.04.2026 00:01
Vercel disclosed that attackers used a compromised OAuth token tied to a Vercel employee's Google Workspace account and access to Context.ai to reach some Vercel environments and environment variables that were not marked as sensitive, and the company said a limited subset of customers had Vercel credentials compromised and were told to rotate them. Vercel said sensitive environment variables were not known to be accessed and that it was working with Mandiant, other security firms, Context.ai, and law enforcement while keeping services operational; Context separately said it had identified and stopped an AWS breach last month and later learned the actor likely also compromised OAuth tokens for some consumer users.
Over a dozen companies data exposed after SaaS integration provider Snowflake breach
Data Leak
First: 07.04.2026 22:39
Last: 07.04.2026 22:39
Sources 1
About this happening:
A stolen-token attack from a **SaaS integration provider breach** has led to data theft claims affecting **over a dozen companies**, creating immediate exposure and extortion risk...
Over a dozen companies data exposed after SaaS integration provider Snowflake breach
Data LeakAbout this happening: A stolen-token attack from a **SaaS integration provider breach** has led to data theft claims affecting **over a dozen companies**, creating immediate exposure and extortion risk...
Aura customer data exposed after Aura breach
Data Leak
First: 19.03.2026 00:56
Last: 19.03.2026 00:56
Sources 1
About this happening:
Aura confirmed a **data leak** that exposed nearly **900,000 customer records**, creating privacy and phishing risk for affected customers. The exposed set included **names**, **e...
Aura customer data exposed after Aura breach
Data LeakAbout this happening: Aura confirmed a **data leak** that exposed nearly **900,000 customer records**, creating privacy and phishing risk for affected customers. The exposed set included **names**, **e...
Wynn Resorts hit by cyberattack
Incident
First: 24.02.2026 23:51
Last: 24.02.2026 23:51
Sources 1
About this happening:
**Wynn Resorts** confirmed an **employee data breach** after an unauthorized third party stole data from its systems, creating exposure risk for staff records. The company said it...
Wynn Resorts hit by cyberattack
IncidentAbout this happening: **Wynn Resorts** confirmed an **employee data breach** after an unauthorized third party stole data from its systems, creating exposure risk for staff records. The company said it...
Jaguar Land Rover (JLR) hit by cyberattack
Incident
First: 06.01.2026 13:15
Last: 06.01.2026 13:15
Sources 1
How related:
"Today we have informed colleagues, suppliers and partners that we have extended the current pause in our production until Wednesday 24th September 2025," JLR said.
About this happening:
**Jaguar Land Rover (JLR)** said a **September ransomware attack** knocked out production for **several weeks** and caused **£196m ($258m)** in cyber-related costs, adding to **£4...
Jaguar Land Rover (JLR) hit by cyberattack
IncidentHow related: "Today we have informed colleagues, suppliers and partners that we have extended the current pause in our production until Wednesday 24th September 2025," JLR said.
About this happening: **Jaguar Land Rover (JLR)** said a **September ransomware attack** knocked out production for **several weeks** and caused **£196m ($258m)** in cyber-related costs, adding to **£4...
Timeline
-
16.09.2025 16:08 3 articles · 8mo ago
JLR confirms data theft and extends production pause
Victim Impact UpdateJaguar Land Rover (JLR) confirmed that attackers stole some data from its network, told staff not to report to work, kept its production pause in place until Wednesday 24th September 2025, and faced a separate responsibility claim from Scattered Lapsus$ Hunters, which said it had deployed ransomware and posted internal JLR SAP system screenshots on Telegram.
Show sources
- Jaguar Land Rover extends shutdown after cyberattack by another week — www.bleepingcomputer.com — 16.09.2025 16:08
- Jaguar Land Rover extends shutdown after cyberattack by another week — www.bleepingcomputer.com — 16.09.2025 16:08
- Jaguar Land Rover confirms data theft after recent cyberattack — www.bleepingcomputer.com — 10.09.2025 18:29
-
02.09.2025 03:00 1 articles · 8mo ago
JLR discloses cyberattack and production disruption
Initial DisclosureJaguar Land Rover (JLR) disclosed a cyberattack on September 2, said its production had been significantly disrupted, and began working to resume operations.
Show sources
- Jaguar Land Rover extends shutdown after cyberattack by another week — www.bleepingcomputer.com — 16.09.2025 16:08