Jaguar Land Rover hit by cyberattack, receives £1.5 billion UK loan guarantee
Incident
Summary
Hide ▲
Show ▼
Jaguar Land Rover (JLR) confirmed that attackers stole some data in a recent cyberattack that severely disrupted production and forced the company to shut down systems and keep staff from reporting to work. JLR said it is working with the U.K. NCSC and relevant regulators as it restores systems in a controlled way, but it has not attributed the intrusion to a specific group. A group calling itself Scattered Lapsus$ Hunters has claimed responsibility on Telegram and said it deployed ransomware, while also linking the activity to broader Salesforce data theft operations.
Related Happenings
UK government FCA Bank of England and **CMORG** Issued a statement urging firms to actively manage frontier AI cyber risks and strengthen defenses for **May 15** and ongoing
Public Sector Action
First: 18.05.2026 12:00
Last: 18.05.2026 12:00
Sources 1
About this happening:
The **UK government**, **FCA**, and **Bank of England** issued a **May 15** statement telling **UK financial services firms** to actively manage **frontier AI** cyber risks, becau...
UK government FCA Bank of England and **CMORG** Issued a statement urging firms to actively manage frontier AI cyber risks and strengthen defenses for **May 15** and ongoing
Public Sector ActionAbout this happening: The **UK government**, **FCA**, and **Bank of England** issued a **May 15** statement telling **UK financial services firms** to actively manage **frontier AI** cyber risks, becau...
UK Cyber Resilience Pledge pushes board-level security and supply-chain hardening
Defensive Guidance
First: 13.05.2026 12:05
Last: 13.05.2026 12:05
Sources 1
About this happening:
The **UK government's Cyber Resilience Pledge** will launch later this year, giving organizations a concrete set of steps to strengthen defenses and reduce supply-chain risk. It a...
UK Cyber Resilience Pledge pushes board-level security and supply-chain hardening
Defensive GuidanceAbout this happening: The **UK government's Cyber Resilience Pledge** will launch later this year, giving organizations a concrete set of steps to strengthen defenses and reduce supply-chain risk. It a...
Gentlemen ransomware affiliate campaign expanding toolkit and infrastructure
Campaign
First: 20.04.2026 23:02
Last: 20.04.2026 23:02
Sources 1
About this happening:
The **Gentlemen ransomware** campaign has now been tied to a **ransomware attack on Oltenia Energy Complex** on the **second day of Christmas**, disrupting **ERP systems**, **docu...
Gentlemen ransomware affiliate campaign expanding toolkit and infrastructure
CampaignAbout this happening: The **Gentlemen ransomware** campaign has now been tied to a **ransomware attack on Oltenia Energy Complex** on the **second day of Christmas**, disrupting **ERP systems**, **docu...
NCSC-led NHS cyber resilience program
Public Sector Action
First: 20.04.2026 12:30
Last: 20.04.2026 12:30
Sources 1
About this happening:
The **UK National Cyber Security Centre (NCSC)** has outlined an **ongoing cyber resilience plan** for the **National Health Service (NHS)**, with the effort aimed at reducing ris...
NCSC-led NHS cyber resilience program
Public Sector ActionAbout this happening: The **UK National Cyber Security Centre (NCSC)** has outlined an **ongoing cyber resilience plan** for the **National Health Service (NHS)**, with the effort aimed at reducing ris...
2025 Automotive carmakers ransomware surge
Target Trend
First: 16.04.2026 11:35
Last: 16.04.2026 11:35
Sources 1
About this happening:
In **2025**, ransomware became the **fastest-growing** and most disruptive threat to **automotive carmakers**, accounting for **44% of attacks** and **more than doubling** over th...
2025 Automotive carmakers ransomware surge
Target TrendAbout this happening: In **2025**, ransomware became the **fastest-growing** and most disruptive threat to **automotive carmakers**, accounting for **44% of attacks** and **more than doubling** over th...
Timeline
-
26.09.2025 22:59 1 articles · 8mo ago
Scattered Lapsus$ Hunters breach Jaguar Land Rover
Exploitation ObservedScattered Lapsus$ Hunters, a collaboration involving hackers from ShinyHunters, Scattered Spider, and the Lapsus$ group, attacked Jaguar Land Rover on Aug. 31, 2025.
Show sources
- Volvo Employee SSNs Stolen in Supplier Ransomware Attack — www.darkreading.com — 26.09.2025 22:59
-
26.09.2025 22:59 3 articles · 8mo ago
Jaguar Land Rover pauses production after the breach
Victim Impact UpdateJaguar Land Rover paused production the following day, factory lines remained halted, and employees were instructed to stay home for weeks while the company managed the disruption.
Show sources
- Volvo Employee SSNs Stolen in Supplier Ransomware Attack — www.darkreading.com — 26.09.2025 22:59
- Volvo Employee SSNs Stolen in Supplier Ransomware Attack — www.darkreading.com — 26.09.2025 22:59
- Jaguar Land Rover confirms data theft after recent cyberattack — www.bleepingcomputer.com — 10.09.2025 18:29
-
26.09.2025 22:59 3 articles · 8mo ago
Jaguar Land Rover begins phased restoration
Victim Impact UpdateWeeks after the Aug. 31 attack, Jaguar Land Rover was still recovering and had begun a phased restoration of its operations by late September.
Show sources
- Volvo Employee SSNs Stolen in Supplier Ransomware Attack — www.darkreading.com — 26.09.2025 22:59
- UK govt backs JLR with £1.5 billion loan guarantee after cyberattack — www.bleepingcomputer.com — 29.09.2025 19:31
- Jaguar Land Rover Shows Cyberattacks Mean (Bad) Business — www.darkreading.com — 03.10.2025 18:30