Thousands of employees at Jaguar Land Rover (JLR) have been instructed to 'remain at home', whilst customers face significant delivery delays following a cyber attack that compelled the firm to cease production across all its facilities.
The breach, which commenced on Sunday, brought operations at Britain's largest car manufacturer to a standstill across sites in Solihull, Halewood, Wolverhampton and Castle Bromwich, affecting retail systems during one of the year's peak periods for new vehicle registrations, as reported by .
Dealerships have been unable to process certain new '76' number plates introduced on 1 September, resulting in extended waiting times for customers, some of whom have already traded in their previous vehicles.
JLR, which operates under Indian conglomerate Tata Motors, confirmed it had "proactively shut down" systems to limit the cyber incident and was "working at pace" to reinstate normal operations.
The company emphasised there was "no evidence" of customer information being compromised and has notified the Information Commissioner's Office (ICO) of the breach.
Hacker group claims responsibility
A consortium known as 'scattered lapsus$ hunters', comprising an alliance of the 'shiny hunters', 'lapsus$' and 'scattered spider' factions, has taken credit for the attack.
These affiliated groups have all been connected to significant corporate security breaches over the past twelve months.
Sam Kirkman, director of services at NetSPI, observed that this incident demonstrates how increasingly unpredictable cybercriminals are becoming through collaborative efforts. "JLR has stated that they took proactive steps to contain the breach and minimise its impact, which is commendable" he said.
The company has disclosed only limited details regarding its involvement, with specialists warning that establishing responsibility in such incidents is frequently ambiguous.
Disruption at scale
The cyber attack's timing, aligning with the rollout of new registration plates, has been viewed as deliberate.
"Cybercriminals often aim for the biggest possible disruptive impact", contended Jake Moore, global cybersecurity advisor at ESET.
"Launching an assault when more customers are likely to experience potential delays...will have been a calculated move by the perpetrators."
Patrick Burgess, a cybersecurity expert at the Chartered Institute for IT, also cautioned the disruption could persist for "weeks, if not months", should the company's fundamental systems be compromised.
The National Crime Agency confirmed it was examining the matter and collaborating with partners to evaluate the incident.
Growing threat to manufacturers
The JLR security breach comes after a series of prominent cyber attacks targeting º£½ÇÊÓƵ retailers and manufacturers, including Marks & Spencer, Co-op and Harrods.
Bridgestone Americas also disclosed a "limited cyber incident" on Sunday, the same day as JLR, indicating the automotive industry is squarely in attackers' sights.
Comparitech figures revealed ransomware assaults on manufacturers surged 57 per cent between July and August alone. Specialists have stated that criminals view the sector as particularly susceptible due to the disruption caused by downtime.
"Phishing, social engineering and account compromise remain the most common route of attack, while the size of targeted companies such as Harrods, M&S and Jaguar Land Rover show that no company is immune," contended George Glass, associate managing director at Kroll.
For JLR, the immediate priority is resuming production lines that typically produce around 1,000 cars daily.
