JLR, LNER incident comments

by Mark Rowe

A ‘cyber incident’ against the car maker JLR (Jaguar Land Rover) continues to cause the firm ‘disruption’. The UK official NCSC confirms that it’s working with the firm ‘to provide support’.

Much like retailers M&S and the Co-operative, hit by cyber attack in the summer, JLR says it’s ‘been working around the clock, alongside third‑party cybersecurity specialists, to restart our global applications in a controlled and safe manner’.

As commentators such as those from the defence and security think-tank RUSI have noted, and as Professional Security Magazine has covered in features on disrupted institutions such as the British Library, councils, and the University of Manchester, such attacks not only mean long and hard remedial work; suppliers (and their suppliers) may also be affected, besides customers being unable to contact the firm.

Comments

Shobhit Gautam, Staff Solutions Architect, EMEA at the platform HackerOne said: “The outage is the smoke but the data is the fire. JLR has confirmed that some data was affected and regulators notified. That moves this from an operational incident to a people incident, with knock-on risk for customers, dealers, and suppliers. Credit to JLR for keeping recovery controlled and transparent. That’s how you protect trust when the stakes are high.

“What this really shows is the modern auto stack under pressure. Intrusions don’t stop at the factory gate. They ride identity, third-party access and widely-deployed enterprise apps to land in Enterprise Resource Planning (ERP), dealer and supplier systems. A single blast radius hits operations and information at once. Expect the long tail now which will include phishing off the back of exposed data, supplier impersonation and attempts to monetise whatever was taken.

“The urgent takeaways for the sector are to protect identity first with phishing-resistant MFA, then segment hard between IT, ERP and Operational Technology (OT). Treat partner connectivity as privileged and instrument for exfiltration, not just encryption. Then pressure-test it continuously with independent researchers. In automotive, reliability is the brand. Resilience is how you keep it.”

At the consultancy Acumen Cyber, Cian Heasley, principal consultant, said ten days after the initial breach disclosure: “Right now the ransomware ecosystem is a bit like the credit card fraud underground in the late ’90s or early 2000s. Russian hackers had credit cards but couldn’t use them because the companies flagged Russian related addresses or transactions, while American carders had trouble accessing the cards. To overcome this, Russian hackers then wound up selling on the cards to people in the West for fees.

“A similar thing is happening today but in the ransomware space. Russians have trouble with social engineering Western companies because of the language barrier, while the Western hackers don’t have their own ransomware brands to leverage for negotiations or extortion.

“But if Scattered Lapsus$ Hunters has created its own ransomware infrastructure and its members are native English speakers, this creates a whole new level of threat actor – which will be dangerous to victims but could also create serious disorder in the ransomware ecosystem as well.

“Whatever the situation behind the scenes is, the group is proving to be highly dangerous and any organisations named in the Telegram chat should investigate any breach claims immediately, because as we are seeing here, a lot of what they say turns out to be true.”

Sam Kirkman, Director of Services, EMEA at the cyber firm NetSPI said: “JLR has stated that they took proactive steps to contain the breach and minimise its impact, which is a commendable course of action, but has necessarily amplified the visible operational impact of this incident. Based on the modus operandi of these criminals, organisations wanting to limit their exposure should carefully consider operational resilience and redundancy, as well as validating their cybersecurity controls and procedures in preparation for future attacks.”

The train operator London North Eastern Railway (LNER) meanwhile confirmed a cyber-attack originating in its supply chain. At the IT firm Northdoor, AJ Thompson, CCO, pictured, said: “This latest attack has once again highlighted the increasing threat from cyber criminals using supply chain partners to access the data of their primary targets. We have seen throughout 2025 that criminals are now using supply chains as their preferred route into larger organisations.

“The impact on these companies is huge, losing money, reputation as well as having to deal with the regulatory consequences of such breaches. However, with supply chains now so large and complex, understanding where vulnerabilities might lie within the systems of third or even fourth party parties seems like a near impossible task.

“It is no wonder then that so many are falling victim to such attacks and why cyber criminals are increasingly turning to this form of attack as their primary approach. There is hope though.

“Many are turning to leading third party risk suppliers to gain a 360-degree view of their entire supply chain’s systems and where vulnerabilities may lie. Using such solutions means organisations can then speak directly to partners and ensure that such vulnerabilities are shut down before they are exploited. It also allows a more thorough vetting process when bringing new partners on board.

“The threat from cyber criminals using third parties to gain access to primary targets is only likely to increase over the coming months. It is proving very effective and unless companies get to grips with this type of attack many more are going to become victims. Looking for innovative solutions from leading consultancies that can provide the insight needed to deal with vulnerabilities will be critical.”

Meanwhile, Check Point Research has today released its Global Threat Intelligence Report for August 2025. Visit: https://blog.checkpoint.com/research/global-cyber-threats-august-2025-agriculture-hit-hard/

Omer Dembinsky, Data Research Manager at Check Point Research, says: “August’s threat data makes one thing clear: cyberattacks are intensifying in both volume and impact. Education, telecoms, and agriculture are being targeted because they are essential and because attackers know disruption here creates maximum leverage.

“With ransomware rising and AI accelerating attack speed, the only sustainable path forward is a prevention-first, AI-powered strategy. Organisations must move beyond detection to real-time prevention, protecting the network, cloud, endpoints, and identities in an integrated way. Only by doing so can we build resilience and safeguard critical services against relentless cyber adversaries.”
