Jaguar Land Rover Cyber Attack: Disruption Could Last Until November
Jaguar Land Rover (JLR) has informed suppliers that production will remain suspended until at least the 24th of September following a cyber attack that occurred at the end of August. Industry experts, however, have warned that the disruption could drag on well into November, which has been dismissed by JLR as nothing more than “speculation”.
How the incident played out
The incident that caused all of this was detected by JLR on the 31st of August and led to production lines and IT systems being proactively shut down to contain the breach.
The next day, all factory employees were asked to stay at home and not come into work, with various systems necessary for production lines to run being taken offline as a result of the incident.
Since then, production across JLR’s sites in the UK, such as Wolverhampton, Halewood and Solihull, and at overseas sites, including those in India and China, has ceased while the company works with both a team of third‑party cybersecurity specialists and law enforcement to safely restore systems.
Initially, JLR stated that they don’t believe that any personal data has been compromised by the breach, though it has since revised this statement, saying that “some” personal data has been affected. At this point in time, it remains unclear exactly how much data was compromised or what type of information may have been exposed.
It is yet to be confirmed who is responsible for this attack and how exactly they gained access, though a cybercrime group going by the name “Scattered Lapsus$ Hunters”, likely a combination of members from the Scattered Spider, Lapsus$, and ShinyHunters groups, has claimed responsibility.
Scattered Spider is especially notable, having been linked to several high-profile attacks this year against UK retailers including the Co-op, Harrods and Marks and Spencer, with the latter leading to disruption and downtime in some areas for as long as 15 weeks. In July, four individuals, three of whom were teenagers, were arrested at UK addresses as part of the ongoing investigation into these incidents.
The impact of this incident
Experts have estimated that JLR are losing up to £72 million per day since production lines ground to a halt, with roughly 1,000 cars per day not being built. Should disruption continue into November, forecasts suggest the company could face more than £3.5 billion in lost revenue and a profit loss of around £250 million.
Beyond immediate losses, JLR also faces strategic risks. The outage threatens its ability to deliver on key vehicle programs and maintain momentum during their recent transition to selling electric vehicles. In addition to the expected losses, further ones may come from a loss of investor and customer confidence and trust, with the reputational damage from this compounding financial strain.
It’s clear that the attack has had a severe impact on JLR, but it also extends well beyond the immediate shutdown of its UK and overseas factories, with the consequences for suppliers being equally severe. Many have had orders paused entirely, cutting off critical cash flow. Some suppliers have already laid off workers or reduced pay, in certain cases down to zero. Should key suppliers go out of business due to this, JLR will struggle to restart production even once its own systems are restored.
Many have been instructed to apply for Universal Credit to cover lost income, which further raises concerns about job security in the long term. At this point, it’s still unknown when operations will resume. It is believed that up to 100,000 jobs may be linked, either directly or indirectly, with the JLR supply chain.
What can we learn from this?
While this story is developing and we don’t have a full understanding of the incident yet, there are still a few key points we can take away from this:
When an incident occurs, transparency is critical: JLR initially stated no personal data had been compromised, only to later confirm that “some” data was affected. In line with Article 33 of UK GDPR, the ICO must be informed of a breach within 72 hours of discovery. In many cases, such as when a serious breach like this happens, you may not have a full picture by the time this deadline is up. Regardless, it’s vital to remain transparent, inform them of what you know at the time, and follow up with additional information as and when you receive it.
Your incidents can have far-reaching consequences: The attack didn’t just affect JLR’s internal operations; it also has a serious impact on suppliers worldwide. When an incident occurs, there is a risk that the suppliers you work with are impacted too, and vice versa. In some cases, it could be a supplier that is affected by a breach which may impact you. If your business relies on third-party suppliers to operate, it is your responsibility to ensure their processing activities meet legal requirements. Should one of your suppliers suffer a breach involving personal data that you supplied, there is a chance that you are held partially liable for not completing the appropriate due diligence. If you’re worried about this, take a look at how Privacy Helper can assist with completing the necessary supplier due diligence.
Incident response planning needs to be comprehensive: In this instance, the scale of disruption shows the importance of having well-tested incident response and disaster recovery plans which cover not only IT restoration but also your data protection responsibilities.
Reputational damage from poor data handling can be severe: At this time, there is no confirmation of mass data theft, like there was with other recent large-scale breaches. Depending on the type and amount of data compromised, this could lead to damaged trust just as much as the breach itself. If customers begin to doubt JLR’s ability to protect their personal data, they may think twice before buying from the brand in the future.
Next Steps
Ensuring that you handle, process and store personal data in a way that’s in line with the law isn’t easy. To be confident that you’re compliant, and to address any concerns you may have, contact PRIVACY HELPER today, and let us remove the stress of managing data compliance in your business.