Jaguar Land Rover has confirmed that the cyber attack on its IT systems over a week ago has resulted in some data being compromised.
The car maker, which was forced to immediately shut down its global online systems following the breach late on Sunday 31 August, had previously stated there had been ‘no evidence any customer data has been stolen’.
But in a fresh statement issued today, it said: ‘As a result of our ongoing investigation, we now believe that some data has been affected and we are informing the relevant regulators.
‘Our forensic investigation continues at pace and we will contact anyone as appropriate if we find that their data has been impacted.’
When pressed by the Daily Mail regarding whether this is customer data, a JLR spokesperson refused to comment beyond the official statement provided.
Earlier this week, Britain’s second biggest car maker revealed it has drafted in third-party cybersecurity specialists and law enforcement to understand the full consequences of the attack, with the company already shutting down operations at its UK factories as well as plants in Slovakia, India and Brazil.
The crippling impact of the cyber breach threatens to disable the car maker’s operations ‘for weeks’, with its UK workforce told they will not be returning to assembly lines until Monday at the very earliest.
The fallout from the cyber breach has been described as the British vehicle manufacturer’s ‘worst crisis since the pandemic’, with the attack immobilising much of the business and limiting the number of new models retailers can register in one of the busiest months of the year.
Jaguar Land Rover has confirmed that the cyber attack on its IT systems over a week ago has resulted in some data being compromised
Last Wednesday, the young English-speaking hackers – who are thought to be teens calling themselves ‘Scattered Lapsus$ Hunters’ – confirmed it was behind the breach of JLR’s systems.
This is the same group responsible for the highly damaging attack on Marks and Spencer earlier in the year.
Despite owning up to the breach, they have yet to confirm if they have successfully stolen private data from JLR or installed malicious software onto the company’s network.
However, security experts who have analysed the images shared by the group have previously warned they appear to have successfully accessed information they should not have.
The hacker posted two images last week showing apparent internal instructions for troubleshooting a car charging issue and internal computer logs.
Co-op, which alongside M&S and Harrods also fell victim to hackers in spring this year, had too initially stated on 30 April that a breach of its IT systems would only have a ‘small impact’ on its call centre and back office.
But two months later in July its chief executive confirmed that all 6.5million of its members had their data stolen as a result of the attack.
In a statement issued on Wednesday, JLR said: ‘As a result of our ongoing investigation, we now believe that some data has been affected and we are informing the relevant regulators.’ It has yet to confirm if this is in fact customer data
The crippling impact of the cyber breach threatens to disable the car maker’s operations ‘for weeks’, with its UK workforce told they will not be returning to assembly lines until Monday at the very earliest
JLR factory workers told to stay home for the rest of the week
In the statement given today, a JLR spokesperson added: ‘We are very sorry for the continued disruption this incident is causing and we will continue to update as the investigation progresses.’
Staff at its UK vehicle plants in Halewood, Merseyside and Solihull in the West Midlands – and its engine manufacturing centre in Wolverhampton – were sent home a week ago Monday.
They’ve yet to return after the company disabled its IT network to halt the attack, rendering its computer systems useless since.
The Daily Mail understands that factory workers have today been instructed to not report for duties until Monday 15 September at the very earliest, meaning JLR will not have built a new vehicle for a fortnight.
While it continues to attempt to reboot and reinstate its online applications in a ‘controlled and safe manner’, dealers also face difficulties registering new models during one of the calendar’s busiest months for car sales.
In the meantime. online catalogues of spare parts cannot be accessed, and diagnostic equipment used to identify reliability issues are not working, which means thousands of existing customers could face repair delays.
According to The Times, JLR bosses behind closed doors have already conceded that it will take ‘a matter of weeks rather than days’ to bring its systems back online.
The car maker, which was forced to immediately shut down its global online systems following the breach late on Sunday 31 August, had previously stated there had been ‘no evidence any customer data has been stolen’
But the ‘long tail’ ramifications could affect the business for even longer, with suppliers already raising concerns about the impact of its near operation-wide shutdown.
Local companies providing parts of JLR vehicles have already temporarily laid off workforces in response.
There have been suggestions that the government could be forced to step in with financial support to cushion the impact on JLR’s suppliers.
David Bailey, professor of business economics at Birmingham University, warns the impact of last Sunday’s attack should not be underestimated, saying it could cost the car maker a ‘catastrophic’ £5million a day.
Worse still for JLR, potential customers could likely go elsewhere for new models whole retailers are unable to freely register new vehicles to the road.
The Daily Mail understands that factory workers have today been instructed to not report for duties until Monday 15 September at the very earliest, meaning JLR will not have built a new vehicle for a fortnight
Commenting on the cyber incident, Dray Agha, senior manager of security operations at security specialist Huntress, told the Daily Mail: ‘This incident highlights the critical vulnerability of modern manufacturing, where a single IT system attack can halt a multi-billion-pound physical production line, directly impacting sales, especially during a key period like a new registration month.
‘Cybercriminals know this, and many leverage the stopped clock of business functions as the leverage they need to force capitulation of ransomware demands.’
Agha added that restarting these systems is a ‘complex’ operation.
‘While the quick shutdown of systems was a textbook damage limitation tactic that likely prevented a data breach, it underscores the immense recovery challenge companies now face in safely rebooting complex, interconnected operations after an attack.
‘Containment and recovery are crucial parts of responding to an incident, and many organisations still do not have the detection and response technologies to neutralise security intrusions.’
A spokesperson for the National Cyber Security Centre has said it is working with JLR to ‘provide support’ as it continues to understand the full ramifications of the breach.
