Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Jaguar Land Rover’s retail and production systems are offline, but the luxury carmaker says customer data is not impacted.
Carmaker Jaguar Land Rover (JLR) has disclosed that it is in the process of recovering from a significant cyber attack.
“JLR has been impacted by a cyber incident. We took immediate action to mitigate its impact by proactively shutting down our systems,” Jaguar Land Rover said in a recent but undated statement on its corporate website.
“We are now working at pace to restart our global applications in a controlled manner. At this stage, there is no evidence any customer data has been stolen, but our retail and production activities have been severely disrupted.”
The breach was also disclosed by the luxury car company in a regulatory filing to the Indian stock exchange dated 1 September, using much the same comment. Jaguar Land Rover is owned by the Indian company Tata Motors.
JLR has not indicated the nature of the attack, nor has any known hacking group claimed responsibility for it.
Jaguar Land Rover is no stranger to cyber attacks in recent times. A hacker on a popular hacking forum claimed to have stolen several hundred files from the company in March 2025.
“In March 2025, Jaguar Land Rover – a renowned global automotive brand with reported revenue of $29.9 billion – suffered a major data breach,” the hacker, calling themself Rey, said.
“The leak includes around 700 internal documents (development logs, tracking data, source codes, etc.) and a compromised employees dataset exposing sensitive information such as username, email, display name, time zone, and more.”
The hacker posted a sample of the data, which appeared to feature the details of several JLR employees. JLR did not respond to Cyber Daily at the time of the hacker’s claim.
According to cyber security firm Hudson Rock, Rey was a representative of the Hellcat ransomware operation. Rey later claimed that their entry point into JLR’s network was an Atlassian Jira instance, which Rey had earlier harvested from an LG Electronics employee the year before.
“Despite their age, the credentials remained valid and unchanged within JLR’s systems – a lapse that hackers exploited years later,” Hudson Rock said in a blog post at the time.
“This delay between infection and exploitation is a reminder of the long tail of info-stealer campaigns, where stolen data can linger as a latent threat until the right buyer comes along.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
