British automobile manufacturer Jaguar Land Rover (JLR) is scrambling to restore applications and operations that were impacted by a cyberattack.
In a brief notice on Tuesday, the company said it disconnected its systems, which severely impacted both retail and manufacturing operations.
“JLR has been impacted by a cyber incident. We took immediate action to mitigate its impact by proactively shutting down our systems,” a JLR spokesperson told SecurityWeek.
“We are now working at pace to restart our global applications in a controlled manner. At this stage there is no evidence any customer data has been stolen but our retail and production activities have been severely disrupted,” the spokesperson said.
The company refrained from sharing details on the type of cyberattack it fell victim to, but disconnecting systems for containment purposes is the typical response to ransomware.
The operational disruption also suggests that file-encrypting malware might have been involved, but SecurityWeek has not seen any known ransomware groups claiming the attack.
“The attack hit Jaguar Land Rover during one of their busiest times of the year – when new registration plates are launched. This type of situation gives attackers substantial leverage over their victims,” OPSWAT SVP James Neilson said in an emailed comment.
In a Monday filing with BSE India (formerly Bombay Stock Exchange), JLR parent company Tata Motors said the security incident had a global impact.
“We are working at pace to resolve global IT issues impacting our business. We will provide an update as appropriate in due course,” the JLR statement submitted with BSE India reads.
SecurityWeek understands that the incident occurred over the weekend, and that JLR closed several manufacturing plants in the UK as a result.
“Jaguar Land Rover has confirmed a cyberattack that disrupted production and dealer operations across its global network, including shutdowns at its Solihull plant. The incident left UK dealers unable to register new vehicles or supply parts, and the company has not disclosed the nature of the attack or a timeline for recovery,” SecurityScorecard chief threat intelligence officer Ryan Sherstobitoff said.
This is the second cyberattack that JLR has suffered this year, after hackers claimed the theft of source code and tracking data from the company in March.
“This isn’t the first time that a cyberattack has impacted Jaguar Land Rover’s internal systems. It raises the question of whether vulnerabilities from the prior attack still exist and were exploited to breach the company this time around,” Swimlane lead security automation architect Nick Tausek said.
Cybersecurity experts also pointed out that the attack exposes the fragility of increasingly digitalized operations, where tightly integrated systems that support a broad range of activities require strong cyber hygiene, robust authentication and authorization, and enhanced data flow protection.
“Cyber resilience is fundamental to overall business resilience, and the cost of disruption can be hugely damaging. In a sector so dependent on operational uptime, no manufacturer will want to become the focus of future cyber incident headlines,” ThreatAware founder and CEO Jon Abbott said.
| Learn More at SecurityWeek’s ICS Cybersecurity Conference The leading global conference series for Operations, Control Systems and OT/IT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.  October | Atlanta www.icscybersecurityconference.com |
Related: Nevada Confirms Ransomware Attack Behind Statewide Service Disruptions
Related: Pakistani Hackers Back at Targeting Indian Government Entities
Related: Industry Reactions to Trump Cybersecurity Executive Order: Feedback Friday
Related: Germany’s Green Party Says Email System Hit by Cyberattack
