Jaguar Land Rover reportedly targeted in major cyberattack, sensitive data stolen

Jaguar Land Rover (JLR), the British luxury car manufacturer, has reportedly fallen victim to a cyberattack, with hackers allegedly stealing sensitive corporate data, including source code, proprietary documents, and employee details. The breach, which came to light last week, was reported by cybersecurity researcher Alon Gal, CTO of Hudson Rock.

According to Gal, the attack was carried out by the Hellcat ransomware group, which has claimed responsibility for leaking gigabytes of confidential information. A hacker known as “Rey” posted on the dark web forum BreachForums, claiming to have stolen 700 documents from JLR. Shortly after, another threat actor, identified as “APTS,” claimed to have exploited the same security vulnerability, posting a massive 350GB tranche of data.

The hackers reportedly gained access to JLR’s systems by exploiting stolen Atlassian JIRA credentials. JIRA is a widely used project management tool that allows third-party developers and partners to collaborate remotely. According to Gal, these credentials were harvested over several years through infostealer malware, which infected employees’ devices via phishing emails, malicious downloads, or compromised websites. Once obtained, the stolen login credentials were sold or stored on the dark web, where they were eventually used in the attack.

Gal noted that many of the compromised credentials were outdated, raising concerns that JLR had failed to rotate or deactivate old logins. “The credentials they harvest can remain viable for years, especially if companies fail to implement robust monitoring, multi-factor authentication (MFA), or timely credential rotation,” he stated.

The Hellcat group, which first emerged in 2024, has previously targeted telecom companies, universities, and energy firms. If the claims of the JLR breach are accurate, the exposure of proprietary vehicle development data, tracking logs, and employee records could have serious repercussions. Cybersecurity expert Karolis Arbaciauskas, head of business product at NordPass, emphasized the potential fallout, warning that such a breach could lead to reputational damage, financial losses, and a competitive disadvantage.

“Just imagine—your company has poured millions into R&D, and one day, someone just steals it all and sells it to your competitors for a fraction of what you invested,” Arbaciauskas said. JLR has not yet publicly commented on the reported cyberattack.