Transcript
Jaguar Land Rover announced Tuesday that the company has been targeted by a cyberattack that has "severely disrupted" its production activities.
The British carmaker, which officially rebranded as JLR about two years ago, said it "took immediate action to mitigate its impact by proactively shutting down" its systems. The company says it is trying to restart its global applications in a "controlled manner."
JLR says it has no evidence that customer data has been compromised, but the incident also hit the company's retail business.
Most Read on IEN:
- Milwaukee Tool Employee Allegedly Shipped More Than $1 Million in Tools to Himself
- Over 600 Memphis FedEx Workers Laid Off as Cummins Moves Out of State
- GM's Futuristic Corvette Opens Like a Fighter Jet
- Podcast: Mine Swallowing Town; Colorado Dairy Tragedy; AirBorn Closes Plant
Nivedita Murthy, senior staff consultant at Black Duck, a Burlington, Massachusetts-based IT security provider, said containment is the appropriate first step after detecting a security incident. "Jaguar did the right thing by shutting down its IT system before the attack spread further and caused damage," she said. "As part of post-incident activity, they would be able to identify how the attackers were able to access the systems and take advantage of [them]."
Murthy added that the incident is a reminder for companies to secure business operations and customer data, because, for example, attackers are increasingly targeting retail operators to access customer information. People within an organization often tend to be the weakest links, and the customer information gleaned from a breach is frequently used in future phishing attacks and scams.
Agnidipta Sarkar, chief evangelist at cybersecurity firm ColorTokens, noted that this wasn't the first attack on JLR. Sarkar told Industrial Equipment News (IEN) that the Hellcat ransomware group targeted JLR in March 2025. The group compromised Atlassian Jira project management software to steal sensitive data. Sarkar said the latest attack is likely a ransomware attack or a significant system compromise.
JLR is a subsidiary of Tata Motors. The production halt is another blow to the firm, which recently revealed a stark 49% drop in quarterly profits due to U.S. tariffs and weakening sales. Last August, the company said that it was essentially taking a year off from selling cars as it transitioned from internal combustion engine cars to a complete line of EVs. The company also experienced a brand crisis in November 2024 when it ditched its brand's iconic "leaper" Jaguar.
Jeff Reinke, host of the Security Breach podcast, said attacks targeting supply chains are growing in popularity because the pressure to pay the ransom has intensified. "The attack not only impacts the victim, but their partners up and down the supply chain," he said. "Distributors, logistics, retailers and more lean on these companies to figure it out and get back to business as usual as quickly as possible."
Reinke says the manufacturing industry continues to be a primary target for these types of attacks because its supply chains, especially in the automotive sector, are very complex and involve numerous players of all sizes. He said, "Jaguar's ability to react quickly probably helped not only to minimize the impact on their operations, but those of their supply chain partners as well."
Click here to subscribe to our daily newsletter featuring breaking engineering industry news.
WEBVTT
X-TIMESTAMP-MAP=LOCAL:00:00:00.000,MPEGTS:0
00:00.319 --> 00:05.599
Jaguar Land Rover announced Tuesday that the
company has been targeted by a cyberattack that
00:05.599 --> 00:09.029
has severely disrupted its production
activities.
00:09.199 --> 00:13.869
The British carmaker, which officially
rebranded as JLR about two years ago,
00:14.159 --> 00:20.719
said it took immediate action to mitigate its
impact by proactively shutting down its systems.
00:20.840 --> 00:26.510
The company says it is trying to restart its
global applications in a controlled manner.
00:26.799 --> 00:30.086
JLR
says it has no evidence that customer data has
00:30.086 --> 00:34.436
been compromised, but the incident also hit the
company's retail business.
00:34.686 --> 00:37.976
Niveita Murthy, senior staff consultant at
Black Duck,
00:38.125 --> 00:43.805
a Burlington, Massachusetts-based IT security
provider, said containment is the appropriate
00:43.805 --> 00:49.805
first step after detecting a security incident,
quote, Jaguar did the right thing by shutting
00:49.805 --> 00:54.566
down its IT system before the attack spread
further and caused damage.
00:54.922 --> 01:00.411
She said, quote, as part of post-incident
activity they would be able to identify how the
01:00.411 --> 01:03.762
attackers were able to access the systems and
take advantage of them.
01:03.972 --> 01:09.412
Murthy added that the incident is a reminder
for companies to secure business operations and
01:09.412 --> 01:15.741
customer data because, for example, attackers
are increasingly targeting retail operators to
01:15.741 --> 01:17.082
access customer information.
01:17.311 --> 01:21.891
People within an organization often tend to be
the weakest links and the
01:21.987 --> 01:26.928
customer information gleaned from a breach is
frequently used in future phishing attacks and
01:26.928 --> 01:30.417
scams.
Agni Deepta Sirkar, chief evangelist at
01:30.417 --> 01:35.847
cybersecurity firm ColorTokens, noted that
this wasn't the first attack on JLR.
01:36.138 --> 01:41.407
Sirkar told Industrial Equipment News that the
Hellcat Ransomware Group targeted JLR in March
01:41.407 --> 01:44.977
2025.
The group compromised Atlassian Jira project
01:44.977 --> 01:47.608
management software to steal sensitive data.
01:47.858 --> 01:52.344
Sirkar said the latest
attack is likely a ransomware attack or a
01:52.344 --> 01:53.833
significant system compromise.
01:54.103 --> 01:59.613
JLR is a subsidiary of Tata Motors.
The production halt is another blow to the firm,
01:59.624 --> 02:05.664
which recently revealed a stark 49% drop in
quarterly profits due to US tariffs and
02:05.664 --> 02:08.904
weakening sales.
Last August, the company said that it was
02:08.904 --> 02:13.623
essentially taking a year off from selling cars
as it transitioned from internal combustion
02:13.623 --> 02:16.503
engine cars to a complete line of EVs.
02:16.869 --> 02:22.460
The company also experienced a brand crisis in
November 2024 when it ditched its brand's
02:22.460 --> 02:27.809
iconic Leaper Jaguar.
Jeff Rake, host of the Security Breach podcast,
02:28.059 --> 02:32.580
said attacks targeting supply chains are
growing in popularity because the pressure to
02:32.580 --> 02:34.929
paying the ransom has intensified.
02:35.160 --> 02:40.339
Quote, the attack not only impacts the victim,
but their partners up and down the supply chain.
02:40.500 --> 02:45.690
He said distributors, logistics, retailers, and
more lean on these companies to figure it out
02:45.690 --> 02:49.550
and get back
business as usual as quickly as possible.
02:49.759 --> 02:53.720
Reinke says the manufacturing industry
continues to be a primary target for these
02:53.720 --> 02:58.509
types of attacks because its supply chains,
especially in the automotive sector,
02:58.720 --> 03:02.360
are very complex and involve numerous players
of all sizes.
03:02.520 --> 03:08.000
He said, quote, Jaguar's ability to react
quickly probably helped not only to minimize
03:08.000 --> 03:13.190
the impact on their operations but those of
their supply chain partners as well.
03:13.559 --> 03:16.039
I'm David Manti.
This is Manufacturing Now.
