📅 September 17, 2025 | ⏱ 5 min read | 🔐 Category: Cybersecurity
Jaguar Land Rover (JLR), the renowned British automaker, has announced an extension of its production shutdown for another week due to a severe cyberattack that disrupted its systems at the end of August. This decision underscores the significant impact of cyber threats on global operations and the automotive industry.
JLR, a standalone entity under Tata Motors India since its acquisition from Ford in 2008, employs approximately 39,000 people and produces over 400,000 vehicles annually. The company reported an annual revenue exceeding $38 billion (£29 billion), highlighting its substantial presence in the automotive market.
The cyberattack, disclosed by JLR on September 2, has significantly disrupted production, prompting the company to instruct staff not to report to work. Despite efforts to resume operations, JLR announced today that production will remain paused until at least September 24, 2025. The decision was made as the company continues its forensic investigation into the cyber incident and considers the stages of a controlled restart of its global operations.
While JLR confirmed that some data was stolen during the breach, the company has not attributed the attack to a specific cybercrime group. However, a group identifying as “Scattered Lapsus$ Hunters” has claimed responsibility for the cyberattack. This group, allegedly associated with the Scattered Spider, Lapsus$, and ShinyHunters extortion groups, posted screenshots of an internal JLR SAP system on a Telegram channel and claimed to have deployed ransomware on the company’s compromised systems.
Scattered Lapsus$ Hunters have also been linked to recent Salesforce data theft attacks, where they used social engineering tactics and compromised Salesloft Drift OAuth tokens to steal data from numerous high-profile companies, including Google, Cloudflare, Palo Alto Networks, Tenable, and Proofpoint.
The ongoing investigation and extended production shutdown highlight the complexities and challenges of responding to cyberattacks in the automotive industry. As JLR works to restore its operations, the incident serves as a stark reminder of the importance of robust cybersecurity measures and the potential impact of cyber threats on global supply chains.
At Cyberix, we are committed to helping businesses navigate the complexities of cybersecurity. Remember, in today’s digital world, it’s not just about being safe—it’s about being CyberixSafe.
Written by: Logan Elliott
Cyberix
https://cyberixsafe.com
