Jaguar Land Rover Hit by Major IT Security Incident, Adding to Growing Cyber Threats in Auto Industry

Jaguar Land Rover (JLR), the British luxury carmaker owned by Tata Motors, has confirmed a major IT security incident that is impacting its global business operations. The company disclosed the breach in a regulatory filing to Indian stock exchanges on September 1, 2025, stating they are "working at pace to resolve global IT issues impacting our business".

JLR has not revealed specific details about the nature or extent of the breach. However, we believe this incident is part of a broader pattern of sophisticated attacks targeting the automotive industry. Earlier this year, the HELLCAT ransomware group had already targeted JLR in separate incidents, stealing hundreds of internal documents and compromising employee data through stolen Jira credentials. 

Rising Tide of Automotive Cyber Attacks

The automotive sector has emerged as a prime target for cybercriminals, with security researchers documenting over 735 significant incidents directly targeting the industry since 2023. The sector experienced more than 100 ransomware attacks and 200 data breaches in 2024 alone, marking it as the most cyber-attacked industry.

Recent Major Incidents Include:

CDK Global Attack (June 2024): The BlackSuit ransomware group crippled software systems used by over 15,000 car dealerships across North America, forcing many to resort to pen-and-paper operations. CDK reportedly paid a $25 million ransom to restore services, with total business interruption losses estimated at $1 billion. 

Toyota Breaches: Multiple incidents hit the Japanese automaker, including a 240GB data theft by the ZeroSevenGroup affecting customer profiles and business plans. Toyota Financial Services in Europe and Africa was also targeted by the Medusa ransomware group demanding $8 million. 

Honda Ransomware (2020-2024): The company faced multiple Snake ransomware attacks that disrupted global operations, forcing production halts at plants in Ohio, Turkey, India, and South America. 

Supply Chain Vulnerabilities: Automotive suppliers including Denso (Toyota supplier), Bridgestone Americas, and Vauxhall Motors have all suffered major breaches, with attackers stealing millions of customer records and proprietary data.

Why Automotive Industry is Under Siege

Modern vehicles contain over 100 million lines of code and approximately 30,000 individual components, most sourced from third-party suppliers. This complexity creates numerous entry points for cybercriminals targeting everything from manufacturing systems to customer data.

The industry's rapid digital transformation through connected vehicles, autonomous systems, and electric vehicle infrastructure has expanded the attack surface significantly. Ransomware costs for the automotive sector soared from $74.7 million to $209.6 million in just the first half of 2023, while total system downtime rose from $1.3 billion to $1.99 billion.

Key attack vectors include compromised credentials from infostealer malware, vulnerable legacy systems not designed with cybersecurity in mind, and the interconnected nature of modern automotive supply chains where a single breach can cascade across multiple organizations. 

Tata Motors has stated it will provide further updates on the JLR incident as information becomes available from the subsidiary.