"JLR was attacked earlier, too. In March 2025, JLR was targeted by the HELLCAT ransomware group, which compromised Atlassian Jira credentials to steal hundreds of gigabytes of sensitive data. This new attack, leading to the systematic shutdown of production facilities and retail systems, suggests either a ransomware attack or a significant system compromise. Clearly, JLR needs to immediately implement capabilities to prevent lateral movement that attackers resort to after an initial breach, among other cybersecurity controls."
"The first step after detecting a security incident is containment. JLR did the right thing by shutting down its IT system before the attack spread further and caused damage. As part of post incident activity, they would be able to identify how the attackers were able to access the systems and take advantage of it. This incident is another reminder to retailers that emphasizes the need to work on securing business operations as well as customer data to ensure smooth production"
Jaguar Land Rover experienced a cyber incident that prompted immediate, proactive shutdowns of systems on September 2, 2025. The company reports no current evidence of customer data compromise, while retail and production have been severely disrupted. Prior breaches in March 2025 involved the HELLCAT ransomware group compromising Atlassian Jira credentials and exfiltrating hundreds of gigabytes of sensitive data. The recent disruption suggests either ransomware or a significant system compromise and highlights the need to block lateral movement within networks. Experts recommend containment, post-incident root-cause identification, and rapid adoption of zero-trust controls across IT, OT, and cloud to protect the automotive supply chain.
Read at Securitymagazine
Unable to calculate read time
Collection
[
|
...
]