Jaguar Land Rover (JLR) suffered a damaging cyberattack at the end of last month that forced it to shutter many of its production lines around the world. And they’re still not up and running yet.
The automaker, which is owned by India’s Tata Motors, has now revealed that the hackers may have stolen data in the cyberattack, though it added that so far its investigations indicate that no customer information has been affected.
The cyberattack targeting JLR’s IT systems took place on August 31, with the automaker sharing news of the incident on September 2.
The company said on Wednesday that since it became aware of the hack, it’s been “working around the clock, alongside third‑party cybersecurity specialists, to restart our global applications in a controlled and safe manner.”
But it added that it now believes “some data has been affected … Our forensic investigation continues at pace and we will contact anyone as appropriate if we find that their data has been impacted.”
JLR — maker of popular vehicles such as the Range Rover, Land Rover Defender, and Jaguar I-Pace — said it’s “very sorry for the continued disruption this incident is causing and we will continue to update as the investigation progresses.”
At least six JLR production plants — three in the U.K. and three overseas — have stopped their production lines, with thousands of workers sent home until further notice. Some news reports have said that the U.K. plants aren’t expected to get back online until Thursday at the earliest, though other reports suggested the factories, which collectively produce around 1,000 vehicles a week, might not start again until early next week.
Last week, a group of hackers claimed responsibility for the JLR cyberattack, posting a screenshot purporting to show the company’s internal IT systems.
The group is reportedly a collaboration between three English-speaking hacker groups: Scattered Spider, Lapsus$, and ShinyHunters.
Some of them have been accused of attacks on a number of high-profile U.K retailers this year, and four people were arrested in July in connection with those cyberattacks. Police investigations are ongoing.
