Since our last blog on the JLR cyberattack, new information has been brought to light about the attackers, as well as a historic record of breaches that you may not have been aware of. On September 2nd, 2025, Jaguar Land Rover (JLR) was hit by a major cyber incident that caused huge disruption. The attack forced global IT systems offline, stopped production lines, and even shut down retail operations — including the Halewood plant, where staff were sent home.
To make matters worse, the timing couldn’t have been more damaging. The attack occurred on the UK’s “New Plate Day,” a crucial date for car sales, meaning dealers were unable to register or deliver vehicles. This led to significant financial losses.
Hackers also posted screenshots of JLR’s internal systems online, raising concerns about what data may have been exposed. Some customer information has already been confirmed as breached.
On September 16th, Jaguar confirmed its investigation is still ongoing. Production has been suspended until at least September 24th, and supplier partners have been notified of the delays.
So far, the company hasn’t revealed exactly how much data was stolen or which systems were compromised. But this attack follows a worrying trend of hackers targeting the automotive industry.
This isn’t the first time JLR has been targeted. Earlier in 2025, the HELLCAT ransomware group claimed responsibility for a major breach that leaked hundreds of internal documents, including source code, development logs, and employee data.
The attack was made possible through stolen Jira credentials harvested by malware. The leaked data included personal details of JLR staff worldwide — a serious concern as it could fuel identity theft and phishing scams.
To make matters worse, another hacker known as “APTS” later released an even larger batch of JLR data, estimated at around 350GB, which contained information not included in the first leak.
A hacker group calling itself Scattered Lapsus$ Hunters has claimed responsibility. The name combines elements of three well-known cyber gangs: Scattered Spider, Lapsus$, and ShinyHunters — all previously linked to high-profile attacks on global businesses.
At this stage, JLR has not confirmed the group’s involvement or shared details about the full extent of the breach.
Cyberattacks on the automotive sector are on the rise, and this latest incident shows how devastating the impact can be — not just on business operations, but also on customers and employees. For Jaguar Land Rover, the road to recovery could take some time.
We hope you’ve liked this blog. Stay tuned for more blogs like this. Stay safe!
