Jaguar Land Rover (JLR) has suspended its global car production since Sunday due to a cyber attack. Thousands of Range Rover and Jaguar customers awaiting delivery of their new cars face delays, even though some have already part-exchanged their old vehicles.
It came during the busiest week of the year for car registrations, as customers raced to purchase the new ’76 edition number plate, which launched on September 1. Production at Solihull, Halewood, Wolverhampton, and Castle Bromwich plants has been suspended since Sunday, and workers had not yet been given a return date. A cyber attack expert warned it could take “weeks, if not months,” to resolve. Production lines usually generate around 1,000 cars per day, which means dealership customers and those awaiting parts for repairs face delays.
Patrick Burgess, a cybersecurity specialist at BCS, the Chartered Institute for IT, warned that if JLR operations did not come back online in the coming days, these attacks “can take weeks, if not months” to resolve, reported The Times.
He believed that JLR has taken some IT systems offline proactively to protect them – a similar move helped Co-op recover more quickly from its hack this year.
The company reported the attack to the Information Commissioner’s Office (ICO), and on Thursday, it reconfirmed that “at this stage, there is no evidence any customer data has been stolen”.
An individual going by the name of “Rey” posted an image claiming responsibility for the attack on the cyberattackers’ Telegram group. As an extension lead for a three-pin plug was clearly visible, they are believed to be based in Britain.
“Rey” was also involved in Hellcat, a group that was involved in a JLR hack in March. Experts believe that they are the same.
They come under an umbrella group of hackers, Telegram group Scattered Lapsus Hunters 4.0, and one group under this hybrid, Scattered Spider, claimed to be behind the damaging Marks and Spencer attack.
However, experts highlighted that threat groups have a history of misattributing attacks, and so far there is no convincing evidence to confirm.
Companies must notify the ICO within 72 hours if a hack involves personal data, such as names, addresses, phone numbers, bank account details or employee records.
The ICO confirmed: “Jaguar Land Rover has reported an incident and we are assessing the information provided.”
JLR said: “We are aware of the claims relating to the recent cyber-incident and we are continuing to actively investigate.”