JLR hack: what happened?

Autocar first reported issues affecting JLR on 1 September, when dealers couldn’t register new cars on ‘new plate day’ , traditionally one of the year’s busiest for registrations.

In an effort to combat the hack, JLR began “shutting down our systems” on 2 September.

It’s still in the process of rebuilding them and is unabel to confirm a timescale for the fix.

The hack has left JLR incapacitated. No cars have been produced globally since, leading to millions of pounds of lost income.

The extent of the issues meant JLR brought police and cybersecurity experts in to “restart our global applications in a controlled and safe manner”.

During this process, which included an investigation, it was discovered that “some data” was “affected”, said JLR. Those affected will be contacted, said the firm.

It’s not officially known what data was taken or if a ransom demand has been made, but it is thought it most likely involves customer data given the involvement of the police.

JLR said in a statement on 15 September that it will look to restart production on 24 September.

Who has claimed responsibility for JLR hack?

On 3 September, a group of hackers calling themselves Scattered Lapsus$ Hunters claimed responsibility for the attack on JLR.

This is the same group that hacked Marks & Spencer in May, causing the British retailer seven weeks of disruption and costing £300 million in lost operating profit.

It claimed to have obtained customer data after exploiting a similar flaw in JLR’s IT system. The claim was made on a Telegram messenger group, where a user linked to the hackers posted a screenshot of what appeared to show JLR’s internal system.

A member of the group revealled that a well-known flaw in SAP Netweaver, third-party software used by JLR, was exploited to access the data.