- JLR confirmed data theft after initially denying it
- Hackers called “Scattered Lapsus$ Hunters” claimed responsibility
- The nature of the stolen data remains unclear
It seems that cybercriminals who struck Jaguar Land Rover in late August stole sensitive company files, after all.
The luxury carmaker recently published an updated announcement regarding the incident, and confirmed that data theft happened, despite initial skepticism.
In the final days of August, Jaguar Land Rover announced suffering a cyberattack that “severely disrupted its production and retail activities”.
Scattered Lapsus$ Hunters
It was forced to shut down parts of its infrastructure to the point of having to halt entire productions and sending employees home. According to the BBC, three plants were affected: the ones in Solihull, Halewood and Wolverhampton.
However, at the time it said that it didn’t believe data was taken.
Now, an updated announcement states otherwise: “As a result of our ongoing investigation, we now believe that some data has been affected and we are informing the relevant regulators. Our forensic investigation continues at pace and we will contact anyone as appropriate if we find that their data has been impacted.”
Jaguar Land Rover issued a rather terse statement, not detailing the type or nature of the data stolen. Therefore, we don’t know if it belongs to employees, customers, or partners and other businesses.
In the meantime, a group calling itself “Scattered Lapsus$ Hunters” claimed responsibility for the attack.
The hacking collective, apparently made from the merger of three notorious cybercrime groups, was apparently bragging about the attack on Telegram, sharing screenshots which seem to be from inside JLR’s IT infrastructure. They were also cracking jokes about the breach, asking “Where is my new car, Land Rover?” and similar.
The hackers shared a few screenshots as proof of their claims, which seem to be showing internal instructions for troubleshooting a car charging issue, as well as internal computer logs.
However, the crooks did not confirm if they actually stole any files, or managed to deploy any malware, and cybercriminals are often keen to exaggerate their claims.
Jon Abbott, founder and CEO of ThreatAware, commented on the latest update from JLR, “The theft of data only deepens what is already a painful situation for Jaguar Land Rover. Any disruption to operations and delays to production damage a business’s brand, and the addition of stolen data only further undermines customer trust and relationships."
"Customers should be extra vigilant for phishing attacks or scams that attempt to steal their personal and financial information. If they receive unsolicited emails claiming to be from Jaguar Land Rover and asking for sensitive information, they should exercise extreme caution," Abbott continued.
"The immediate step any Jaguar Land Rover customer should take is to change their password and enable multi-factor authentication; this reduces the risk of cybercriminals compromising their account if they haven’t already done so."
"Being able to stop attacks before they impact business systems and data is key. Clearly the current methods to detect are not working in isolation – your cyber hygiene has to be in place. It is the only way.”
Via BBC
You might also like
- Jaguar Land Rover says cyberattack majorly affected production
- Take a look at our guide to the best authenticator app
- We've rounded up the best password managers
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.