Jaguar Land Rover (JLR) says it is ‘working around the clock’ to restart its IT systems after becoming the latest major victim of a cyber attack this week that has impacted its global business.
In its latest statement issued to the Daily Mail, the vehicle manufacturer says it is working tirelessly to restore its applications in a ‘controlled and safe manner’ and has confirmed it is now working with third-party cybersecurity specialists and alongside law enforcement to understand the full consequences of the breach.
This comes after the British car maker this week informed factory workers at its UK plants to remain at home until at least Tuesday as it continues to grapple with the ramifications of the ‘cyber incident’ identified on Sunday.
It has not only triggered a production shutdown but also seen its dealer network struggle to register new models at one of its busiest times of the year.
Parts suppliers are now raising concerns about the impact on their businesses, which is said to have forced some into ‘panic and recovery mode’ while JLR continues to try to contain the issue.
The car firm said: ‘We want to thank all our customers, partners, suppliers and colleagues for their patience and support.
‘We are very sorry for the disruption this incident has caused. Our retail partners remain open and we will continue to provide further updates.’
Jaguar Land Rover says it is ‘working around the clock’ to restart its IT systems after becoming the latest large-scale victim of a cyber attack last week that has impacted its global business
On Thursday, factory staff at its vehicle plants in Halewood in Merseyside and Solihull in the West Midlands – as well as its engine factory in Wolverhampton – were told not to return to the workplace until Tuesday at the very earliest.
A notice sent to Halewood workers on 4 September stated: ‘Friday September 5 and Monday September 8: the leadership team has agreed that production associates will be stood down and will have hours banked in line with the corridor agreement.
‘All colleagues are required to attend work as normal on Tuesday September 9 unless informed otherwise.’
It is believed that vehicle output could remain suspended deeper into next week if a resolution isn’t found.
JLR dealers have also been locked out of online systems. However, they have been able to register new models, though via a more arduous process.
It comes at a salient period of the calendar year, with the new ’75’ plate launched this month, which typically attracts more showroom visits and model sales than at any time of the year.
Thousands of existing owners are also believed to be affected, with garages unable to provide repairs as the IT shutdown has an impact on JLR’s parts supply chain.
Factory workers at JLR in Halewood, Merseyside, and Solihull (pictured) – as well as its engine factory in Wolverhampton – have been told not to come in until Tuesday at the very earliest
A member of staff checks the paintwork on Range Rover bodies as they pass through the paint shop at Jaguar Land Rover’s factory in Solihull
On Wednesday, the hacker group also responsible for the highly damaging attack on Marks and Spencer earlier in the year, confirmed it was responsible for infiltrating JLR’s systems.
The group of young English-speaking hackers – who are thought to be teens calling themselves ‘Scattered Lapsus$ Hunters’ – told the BBC how they allegedly accessed the car maker.
However, they are yet to confirm if they have successfully stolen private data from JLR or installed malicious software onto the company’s network.
The car maker has said that, at this stage, there is ‘no evidence any customer data has been stolen’ but acknowledged that its ‘retail and production activities have been severely disrupted’ as a result.
The hacking group posted two images this week showing apparent internal instructions for troubleshooting a car charging issue and internal computer logs.
Security experts say these images suggest the group had access to information they should not have.
Shaun Adams, the managing director of parts supplier Qualplast said the pause to assembly lines could have a knock-on effect on the company’s own sales.
It provides products to JLR – and other major car makers including Aston Martin, Honda and Toyota – using a process called flock coating; this involves applying tiny fibres to surfaces to give them a soft, velvety texture. It is used for panels inside vehicle cabins, such as glove boxes, armrests and door pockets.
‘It’s worrying, we have had to move into panic and recovery mode, although we’re used to short shutdowns, but if this continues, it would be concerning,’ he told the BBC.
Describing JLR as a ‘significant client, he added: ‘We have other work that we can move people onto in the short term, but if this starts progressing over weeks, then we would have to seriously look at what we need to future-proof.’
Parts suppliers have started to raise concerns about the impact to their businesses of JLR shutting down its assembly lines while it attempts to resolve the issues linked to the cyber breach
The car maker has reiterated that, at this stage, there is ‘no evidence any customer data has been stolen’ but acknowledged that its ‘retail and production activities have been severely disrupted’ as a result
In response to reports of parts supply disruptions for customers expecting vehicle repairs, the manufacturer told us on Friday: ‘We are aware of the claims relating to the recent cyber incident and we are continuing to actively investigate.
‘Retailers are continuing to carry out repair work using locally held stock and we are supporting our retailers with access to our diagnostic systems to allow the, to continue work on client vehicles while are systems are not accessible.
‘Our roadside assistance service is operating with our dedicated fleet of branded vehicles, actively supporting clients in need – whether they’ve experienced a breakdown or require roadside assistance.’
Despite facing ongoing problems, JLR’s UK showrooms remain open, with September being one of the busiest periods of the year for car showrooms due to the arrival of the new number plate.
Traditionally, buyers are more likely to purchase new models during the months when the latest number plate age identifier – in this month’s case, the ’75’ plate – is launched, which occurs twice a year, also taking place in March.
JLR has told us that it has only been able to register ‘some’ new models since Monday 1 September.
While systems are down, retailers are being forced to register each model manually, which involves phoning the DVLA to provide all the necessary information for each vehicle purchased.
The company, which is owned by India’s Tata Motors, shut down its systems late Sunday night to limit potential damage from the cyber attack and has yet to come back online. Pictured, the Halewood factory in Merseyside
JLR has told the Daily Mail that ‘some’ new 75-plate models have been sold this week, though dealers are having to go through an arduous process of registering each one by phone with the DVLA while the IT systems are down
JLR’s ability to react so quickly to the breach is partly thanks to its IT service provider also being a subsidiary of its parent group, Tata
The company, which is owned by India’s Tata Motors, shut down its systems late Sunday night to limit potential damage from the cyber attack and has yet to come back online.
JLR’s ability to react so quickly to the breach is partly thanks to its IT service provider also being a subsidiary of its parent group.
TCS – Tata Consultancy Services – is responsible for the car maker’s IT and cybersecurity systems, having extended its partnership in 2023 to ‘accelerate digital transformation across its business’.
Commenting on the cyber incident, Dray Agha, senior manager of security operations at security specialist Huntress, said: ‘This incident highlights the critical vulnerability of modern manufacturing, where a single IT system attack can halt a multi-billion-pound physical production line, directly impacting sales, especially during a key period like a new registration month.
‘Cybercriminals know this, and many leverage the stopped clock of business functions as the leverage they need to force capitulation of ransomware demands.’
Agha added: ‘While the quick shutdown of systems was a textbook damage limitation tactic that likely prevented a data breach, it underscores the immense recovery challenge companies now face in safely rebooting complex, interconnected operations after an attack.
‘Containment and recovery are crucial parts of responding to an incident, and many organisations still do not have the detection and response technologies to neutralise security intrusions.’
Jake Moore, global cybersecurity advisor at antivirus and internet security provider ESET, also commented: ‘Striking at a time when more than usual customers are likely to see potential delays with their new vehicle registrations and/or deliveries will have been a tactful decision made by the attackers to deliver their message loudest.
‘Even though there is no evidence to suggest customer data has been compromised so far, any cyberattack on a company of this size is a reminder to secure all accounts by enabling multi-factor authentication, using unique passwords and where possible, remain on guard for suspicious messages.’
#Jaguar #Land #Rover #working #clock #restore #systems #Sundays #cyber #attack
