Jaguar Land Rover says cyberattack majorly affected production

News
By published

Recent incident at the luxury carmaker forced it to shut down its IT network

Proactive Cybersecurity Service That Neutralizes Threats Within a Digital Network - Conceptual Illustration
(Image credit: Shutterstock)
  • Jaguar Land Rover suffered a cyberattack that disrupted production and retail, forcing system shutdowns and plant closures
  • The breach was detected in real time, limiting damage; no customer data theft has been confirmed
  • No group has claimed responsibility, and the nature of the attack remains unclear, though ransomware or data theft are possible motives

Luxury car manufacturer Jaguar Land Rover (JLR) suffered a cyberattack that “severely disrupted” its production and retail activities.

On its corporate website, it issued a brief statement, confirming the breach: “JLR has been impacted by a cyber incident,” the notice reads. “We took immediate action to mitigate its impact by proactively shutting down our systems.”

In its report, the BBC says the disruptions affected two of its main UK plants. The attack took place last Sunday, and apparently the company’s defenders spotted it as it was happening, reducing its impact. The effects were still felt across the company, as workers at both the Halewood plant in Merseyside and the Solihull plant were told to stay home on Monday. Those who checked in early were sent home, as well.

Restarting production

“We are now working at pace to restart our global applications in a controlled manner,” JLR continued. “At this stage there is no evidence any customer data has been stolen but our retail and production activities have been severely disrupted.”

At the same time, Tata Motors - JLR’s parent company - filed a new report with the Bombay Stock Exchange, in which it described the attack as an “IT security incidence” that is causing global issues. The National Crime Agency said: "We are aware of an incident impacting Jaguar Land Rover and are working with partners to better understand its impact."

So far, no threat actors claimed responsibility for the attack, so we don’t know if this was a ransomware incident, or a more simple data smash-and-grab. Usually, companies shut down parts of their IT infrastructure to contain a ransomware strike, since these encrypt endpoints and render them useless, while at the same time exfiltrating sensitive data to be later used as leverage in the negotiations.

Still, many ransomware operators have moved past encrypting systems, claiming the process is too expensive, cumbersome, and unreliable, and are focusing on data exfiltration only.

Via BBC

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.