Jaguar Land Rover (JLR) has reportedly told staff the cyber raid that crippled its operations in August didn’t just bring production to a screeching halt – it also walked off with the personal payroll data of thousands of employees.
The breach, which has been pegged as one of the most costly in UK history, includes bank account details, tax codes, and other sensitive data related to staff salaries, benefits, and former employees.
In an email to both current and former employees, seen by The Telegraph, JLR wrote: “While investigating, we have unfortunately identified that there has been unauthorised access to some personal data we process in the context of employment and some information needed to administer payroll, benefits and staff schemes to employees and dependents. This includes data of ex-JLR team members that has been stored.”
JLR insists there’s no evidence of misuse yet, but it’s still advising its tens of thousands of workers to “stay alert” for potential fraud and phishing attempts.
In a statement to the newspaper, a JLR spokesperson said: “From the ongoing forensic investigation, JLR believes that certain data related to current and former JLR employees, and contractors, was affected by the cyber incident. We remain in dialogue with the relevant regulators and we are in the process of contacting current and former employees and contractors as necessary.”
The attack, which brought the company’s manufacturing to a grinding halt for more than a month, has now led to a £1.5 billion drop in sales for JLR, with a further £196 million loss related to “exceptional items” linked to the breach.
Beyond JLR’s own balance sheet, the damage rippled outward: the Cyber Monitoring Centre has classed the incident as a systemic event that could cost the UK economy up to £2.1bn, while Office for National Statistics data shows motor vehicle manufacturing shaved 0.17 percentage points off GDP in September, helping tip the economy into contraction.
The attack was attributed to Scattered Lapsus Hunters, the same hacker group responsible for other major incidents, including attacks on Marks & Spencer and the Co-op. The hackers claimed they also stole customer data, but JLR has yet to confirm or deny this and did not respond to The Register’s repeated calls for comment on Monday.
The breach is yet another reminder of the growing vulnerability of major corporations to cyber threats, especially those outsourcing critical cybersecurity functions. ®