
Jaguar Land Rover (JLR) experienced a cyber incident, as stated on September 2, 2025. According to the company’s statement, it took immediate action upon discovering the cyberattack, proactively shutting down its systems. At this time, there is no evidence that customer data was compromised. However, the organization has said that retail and production have been “severely disrupted.”
Security Leaders Weigh In
Mr. Agnidipta Sarkar, Chief Evangelist at ColorTokens:
JLR was attacked earlier, too. In March 2025, JLR was targeted by the HELLCAT ransomware group, which compromised Atlassian Jira credentials to steal hundreds of gigabytes of sensitive data. This new attack, leading to the systematic shutdown of production facilities and retail systems, suggests either a ransomware attack or a significant system compromise. Clearly, JLR needs to immediately implement capabilities to prevent lateral movement that attackers resort to after an initial breach, among other cybersecurity controls.
The attack poses a systemic cyber risk to the automotive supply chain, occurring at the confluence of IT and OT. This shutdown would eventually affect the entire supply chain. As a zero-trust ambassador, I can only state that it is time for organizations to implement a zero-trust foundation across IT, OT, and cloud.
Ms. Nivedita Murthy, Senior Staff Consultant at Black Duck:
The first step after detecting a security incident is containment. JLR did the right thing by shutting down its IT system before the attack spread further and caused damage. As part of post-incident activity, they would be able to identify how the attackers were able to access the systems and take advantage of it. This incident is another reminder to retailers that emphasizes the need to work on securing business operations as well as customer data to ensure smooth production and uncompromised trust in software, as attackers are increasingly targeting retail operators to access customer base information.
People within an organization tend to be the weakest links, and any information gained on customers could be used for future phishing attacks or scams. The fraud industry is thriving, and more and more people are falling victim due to the fact that a lot of information on customer activity is available online.
Mr. Piyush Pandey, CEO at Pathlock:
With widespread cyberattacks targeting retailers in recent months — and now expanding to manufacturers with the JLR incident — security teams across both sectors should strengthen security controls to reduce exposure. Ensuring the principle of least privilege is implemented on a continuous basis is a fundamental step in addressing this risk. That includes automating access reviews to revoke excessive permissions, promptly locking down emergency access, and continuously monitoring critical applications to detect and terminate unauthorized activity quickly.
Trey Ford, Chief Strategy and Trust Officer at Bugcrowd:
Not a lot is known publicly about the actual scope of impact; however, in operational technology environments, taking an environment fully offline to troubleshoot issues on the line is the expected practice. OT environments rely heavily on air gap protections — specifically isolating the network used for production from all other system (office, guest, and internet) networks. This is due to the lack of resilience and age-old system designs and architectures used by OT systems providers.
The time to see OT providers step into the modern, internet-resilient age is upon us. These fragile systems will continue to be impacted until they’re built to stand up in the face of adversarial pressure — like all modern technology and services are today.