Jaguar Land Rover admits hackers may have taken data

Jaguar Land Rover (JLR) has admitted that some data may have been taken by hackers in a cyber-attack that has halted car production and forced the vehicle-maker to send workers home.

The company, owned by India’s Tata Motors, initially said it did not believe any customer information had been stolen

Now, 11 days after the attack, it has conceded that some data has been impacted but declined to say exactly who the information pertained to, such as customers, suppliers or JLR itself.

The affected plants in the UK are not expected to restart until Thursday at the earliest and worldwide production of around 1,000 vehicles a day has been halted.

Production lines at JLR’s factories in Solihull, Halewood and Wolverhampton have been at a standstill since the beginning of last week.

A group calling itself Scattered Lapsus$ Hunters, which was behind this year’s cyber- attacks on UK retailers including M&S, has claimed responsibility for the JLR hack.

Last week, the Information Commissioners Office told the BBC that JLR had reported an incident to the UK’s data watchdog.

In a new statement, JLR said on Wednesday: “As a result of our ongoing investigation, we now believe that some data has been affected and we are informing the relevant regulators.

“Our forensic investigation continues at pace and we will contact anyone as appropriate if we find that their data has been impacted.”

However, Ciaran Martin, a professor at the University of Oxford and the former boss of the National Cyber Security Centre (NCSC), said data isn’t really the issue for a company like JLR – it is more important that the firm can keep operating and making cars.

He told the BBC Radio 4’s Today programme: “There’s a real difference between somebody breaking into your house when you’re not there or when you’re asleep and maybe photocopying your bank records and your medical records and using that to defraud you.

“There’s a real difference between that and being punched in the face and having your legs broken.”

Prof Martin said that “the law right now tells companies to protect customer data as your number one priority” but said that securing a firm’s operation was just as important.

M&S’s operation was impacted by a cyber-attack for a number of months this year, stopping customers from ordering online and costing the High Street retailer £300m.

JLR shut down its IT networks in response to the attack.

The company said it is “working around the clock”, to restart its IT systems but doing so is understood to be a highly complex process.

The NCSC, which is part of GCHQ, is assisting JLR.

Chris Bryant, the newly-appointed business minister, told MPs on Tuesday that the government was “engaging with JLR on a daily basis to understand the challenges that the company and its suppliers are facing”.

Local MPs have been invited to a half-hour question and answer session with the company on Friday.