Jaguar Land Rover (JLR) has revealed that a forensic investigation into the cyber attack on the company that took place on 31 August 2025 has found that data was stolen.
In a statement on its web site, the car maker said: “Since we became aware of the cyber incident, we have been working around the clock, alongside third‑party cyber security specialists, to restart our global applications in a controlled and safe manner.
“As a result of our ongoing investigation, we now believe that some data has been affected and we are informing the relevant regulators. Our forensic investigation continues at pace and we will contact anyone as appropriate if we find that their data has been impacted.
“We are very sorry for the continued disruption this incident is causing and we will continue to update as the investigation progresses.”
A group of young Anglophone hackers who call themselves “Scattered Lapsus$ Hunters” have claimed responsibility for the attack.
According to Sky News, it will be at least Monday 15 September before production staff can get back to work at what is the UK’s largest car manufacturer.
The UK cyber security community continues to offer commentary, as details of the attack emerge.
In an opinion article for Computer Weekly, Dominic Holden, a director at law firm Lawrence Stephens wrote: “The lesson from the JLR incident is simple: cyber security is no longer just an IT problem – it is a boardroom issue. Boards must demand robust planning, allocate resources and ensure rehearsals are carried out. Only then can a business minimise financial and reputational damage when an attack occurs.”
Jon Abbott, founder and CEO of cyber security software provider ThreatAware said: “The theft of data only deepens what is already a painful situation for Jaguar Land Rover. Any disruption to operations and delays to production damage a business’s brand, and the addition of stolen data only further undermines customer trust and relationships.
“Customers should be extra vigilant for phishing attacks or scams that attempt to steal their personal and financial information. If they receive unsolicited emails claiming to be from Jaguar Land Rover and asking for sensitive information, they should exercise extreme caution”.
Darren Williams, CEO and founder of anti-data exfiltration specialist supplier BlackFog said: “The Scattered Spider group has claimed responsibility and data exfiltration was a significant part of its previous attacks. Past incidents have seen attackers getting their hands on large volumes of customer information, which not only carry a value on the dark web but can also be used in identity theft and targeted attacks. Data exfiltration is now the primary [activity] of these ransomware gangs, and organisations must concentrate their defences on stopping intruders from accessing and stealing their mission-critical information.”
And Robert Cottrill, technology director at cloud security services firm ANS said: “The confirmation that data has been compromised steps up the level of severity of Jaguar Land Rover’s cyber attack. The automotive industry’s vast stores of customer, supplier, and employee data make it a prime target for cyber criminals.”
