Jaguar Land Rover Admits Sensitive Employee Data Exposed in Cyber Incident

British luxury car manufacturer Jaguar Land Rover said that threat actors accessed and stole sensitive personal information belonging to both current and former employees during a data security incident earlier this year.

 

In early September, Jaguar Land Rover, owned by India’s Tata Motors, suffered a significant cyber attack that forced the company to shut down multiple critical systems, including those at its UK factories such as the Solihull plant.

 

This shutdown caused major disruption to production and retail operations, with factory staff told to stay home for several weeks and UK dealers unable to register new vehicles or supply parts, directly impacting revenue.

 

The cyberattack was claimed by the hacking group Scattered Lapsus$ Hunters, which reportedly exploited stolen Atlassian JIRA credentials obtained through long-running phishing and malware campaigns targeting JLR employees.

 

The hackers allegedly exfiltrated up to 350GB of sensitive data, including source code, proprietary documents, and employee information. However, JLR stated there is no evidence that customer data was compromised.

 

Recently, The Telegraph reported that JLR emailed its current and former employees explaining that the affected data was held “in the context of employment” and included information required to administer payroll, benefits, and staff schemes for employees and their dependents.

 

The company added that it found no indication that the data has been misused, but advised current and former employees to stay alert for potential phishing attempts seeking to take advantage of the compromised information.

 

The incident had a substantial financial impact on JLR. The company reported expenses of £196 million related to the cyberattack in its Q2 FY26 financial results, with revenue for the quarter down 24% year-on-year to £4.9 billion and an EBIT margin dropping to -8.6%. Independent cybersecurity experts estimated the total cost of the attack to JLR and the UK economy at around £1.9 billion, making it one of the most economically damaging cyber events in UK history.

 

To support recovery, the UK government backed a £1.5 billion commercial bank loan to JLR under the Export Development Guarantee scheme, providing financial relief and helping the company rebuild its supply chain.