No new Land Rover cars have been produced since 1 Sept. attack; issues affecting JLR globally
Data has been “affected” as a result of the cyber-attack on JLR last week, the company has confirmed.
The 1 Sept. hack has left the Jaguar & Land Rover maker crippled. No cars have been produced globally since, leading to what is expected to be millions of pounds of lost income.
Timescale
A timescale for a fix is yet to be announced.
The extent of the issues meant JLR brought in police & cybersecurity experts over the weekend to “restart our global applications in a controlled & safe manner”.
During this process, which included an investigation, it was discovered that “some data” was “affected”, commented JLR.
JLR explained today (10 Sept.) that those affected will be contacted, suggesting that this data relates to customers & may have been stolen.
Investigation
A JLR spokesperson stated: “As a result of our ongoing investigation, we now believe that some data has been affected, & we are informing the relevant regulators.
“Our forensic investigation continues at pace & we will contact anyone as appropriate if we find that their data has been impacted.
“We are very sorry for the continued disruption this incident is causing & we will continue to update as the investigation progresses.”
Rebuilding
JLR has been rebuilding its internal IT systems since it shut them down following the cyber-attack.
Alongside production issues, dealer sales, handovers & parts ordering are also affected.
JLR said on Sat. that “our retail partners remain open”. Dealers are manually registering cars while computer systems remain down.
Updated Daily
Meanwhile, the majority of workers at JLR’s production sites in the W. Midlands & Merseyside have been told not to return to work again today. They are being updated daily & still being paid, with lost hours being “banked”.
Production is also understood to have stopped at JLR’s factories in Slovakia & India.
While JLR’s public-facing website appears to be fully operational, the car configurator isn’t accepting build orders, instead directing buyers to purchase from stock.
New Plate ‘75’ Day – Sept. 1
JLR hack: what happened?
Issues affecting JLR were 1st reported on 1 Sept., when dealers couldn’t register new cars on ‘new plate ‘75’ day’ , traditionally one of the year’s busiest for registrations.
In an effort to combat the hack, JLR began “shutting down our systems” on 2 Sept.
It’s still in the process of rebuilding them & is unable to confirm a timescale for the fix.
Scattered Spider
Who has claimed responsibility?
On 3 Sept., ‘Scattered Spider’ – the group that hacked retailer Marks & Spencer in May, causing 7 weeks of disruption & costing £300m in lost operating profit – claimed responsibility for the attack on JLR.
Along with fellow hacking group ‘Shiny Hunters’, it claimed to have obtained customer data after exploiting a similar flaw in JLR’s IT system, The Telegraph reported.
Screenshot
The claim was made on a Telegram messenger group, where a user linked to the hackers posted a screenshot of what appeared to show JLR’s internal system.
A member of the group told The Telegraph that a well-known flaw in SAP Netweaver – 3rd-party software used by JLR – was exploited to access the data.
US cyber agency CISA warned about the flaw earlier this year. An update for the software was released, but whether JLR applied it is unknown.
It’s also not known what data was taken or if a ransom demand has been made?
JLR had previously observed in a statement on 3 Sept. that “there is no evidence any customer data has been stolen”.
The hacking groups are believed to be made up of teenagers from English-speaking countries.
