Jaguar Land Rover (JLR) suffered a severe cyber attack that forced the company to extend its production pause until October 1, 2024. The incident disrupted operations for over three weeks, significantly impacting the automaker’s supply chain, suppliers, and retailers. JLR is collaborating with cybersecurity specialists, the UK’s National Cyber Security Centre (NCSC), and law enforcement to investigate and restore secure operations. The UK government is assessing the broader economic impact, as prolonged halts have strained supplier businesses. The attack’s scale suggests critical operational disruptions, with potential long-term financial and reputational damage. While no specific data breach details were disclosed, the prolonged outage indicates a high-severity incident threatening core business continuity.
TPRM report: https://www.rankiteo.com/company/jaguar-land-rover_1
{
  "id": "jag2932329092525",
  "linkid": "jaguar-land-rover_1",
  "type": "Cyber Attack",
  "date": "10/2024",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization’s existence"
}
{
    'affected_entities': [
        {'industry': 'Automotive',
         'location': 'North America',
         'name': 'Stellantis',
         'type': 'Automotive Manufacturer'},
        {'industry': 'Automotive',
         'location': 'United Kingdom',
         'name': 'Jaguar Land Rover (JLR)',
         'type': 'Automotive Manufacturer'},
        {'customers_affected': '1,000,000+',
         'industry': 'Financial Services',
         'location': 'United States',
         'name': 'Farmers Insurance',
         'type': 'Insurance Provider'},
        {'customers_affected': '760 Companies (1.5 Billion Records)',
         'industry': 'Technology',
         'location': 'Global',
         'name': 'Salesforce (Third-Party Platform)',
         'type': 'Cloud Service Provider'},
    ],
    'attack_vector': [
        'Social Engineering (Voice Phishing)',
        'Compromised OAuth Tokens (Salesloft Drift)',
        'Third-Party Vendor Exploitation',
    ],
    'customer_advisories': [
        'Direct Notifications to Affected Customers (Stellantis)',
    ],
    'data_breach': {
        'data_exfiltration': ['Yes (Salesforce Breach)'],
        'number_of_records_exposed': [
            '1.5 Billion (Salesforce Breach, 760 Companies)',
            '1,000,000+ (Farmers Insurance)',
        ],
        'personally_identifiable_information': [
            'Contact Details (Stellantis)',
        ],
        'sensitivity_of_data': [
            'Low (Stellantis: No Financial/Sensitive PII)',
            'Moderate (Farmers Insurance: Customer Data)',
        ],
        'type_of_data_compromised': [
            'Contact Information (Stellantis)',
            'Customer Data (Farmers Insurance)',
        ],
    },
    'description': 'Stellantis detected unauthorized access to a third-party '
                   'service provider’s platform supporting its North American '
                   'customer service operations. The breach involved contact '
                   'information but no financial or sensitive personal data. The '
                   'attack is linked to the ShinyHunters group, which exploited '
                   'compromised Salesloft Drift OAuth tokens to steal over 1.5 '
                   'billion Salesforce records from 760 companies. Separately, '
                   'Jaguar Land Rover (JLR) extended a production pause due to a '
                   'cyber attack, working with cybersecurity specialists, the '
                   'NCSC, and law enforcement to investigate and recover.',
    'impact': {
        'brand_reputation_impact': [
            'Potential Reputation Damage for Stellantis and JLR',
        ],
        'data_compromised': ['Contact Information (Stellantis)'],
        'downtime': ['JLR Production Halt (Extended to October 1, >3 Weeks)'],
        'identity_theft_risk': [
            'Low (No Financial/Sensitive PII Compromised in Stellantis Breach)',
        ],
        'operational_impact': [
            'JLR Supply Chain Disruption',
            'Stellantis Customer Service Operations Affected',
        ],
        'payment_information_risk': ['None (Stellantis Breach)'],
        'systems_affected': [
            'Third-Party Service Provider Platform (Salesforce)',
            'Jaguar Land Rover Production Systems',
        ],
    },
    'initial_access_broker': {
        'data_sold_on_dark_web': ['Likely (ShinyHunters Modus Operandi)'],
        'entry_point': [
            'Compromised OAuth Tokens (Salesforce)',
            'Voice Phishing (Call Center Social Engineering)',
        ],
        'high_value_targets': [
            'Salesforce Customer Data',
            'JLR Production Systems',
        ],
    },
    'investigation_status': ['Ongoing (Stellantis)', 'Ongoing (JLR)'],
    'motivation': ['Data Theft', 'Extortion', 'Financial Gain', 'Disruption'],
    'post_incident_analysis': {
        'root_causes': [
            'Third-Party Vendor Vulnerabilities',
            'Social Engineering Success',
            'OAuth Token Misconfiguration',
        ],
    },
    'ransomware': {'data_exfiltration': ['Yes (Salesforce Breach)']},
    'references': [
        {'source': 'Stellantis Press Release'},
        {'source': 'BleepingComputer - Salesforce Data Breach'},
        {'source': 'BleepingComputer - Farmers Insurance Breach'},
        {'source': 'FBI Flash Advisory'},
        {'source': 'Jaguar Land Rover Website Notification'},
        {'source': 'BBC - JLR Cyber Attack Coverage'},
    ],
    'regulatory_compliance': {
        'regulatory_notifications': [
            'Appropriate Authorities Notified (Stellantis)',
        ],
    },
    'response': {
        'communication_strategy': [
            'Press Release (Stellantis)',
            'Website Notification (JLR)',
        ],
        'containment_measures': [
            'Prompt Action to Contain (Stellantis)',
            'Production Pause (JLR)',
        ],
        'incident_response_plan_activated': ['Yes (Stellantis)', 'Yes (JLR)'],
        'law_enforcement_notified': [
            'Yes (Stellantis)',
            'Yes (JLR)',
            'FBI Flash Advisory Issued',
        ],
        'recovery_measures': [
            'Customer Notifications (Stellantis)',
            'Supply Chain Recovery (JLR)',
        ],
        'remediation_measures': [
            'Comprehensive Investigation (Stellantis)',
            'Phased Restart Plan (JLR)',
        ],
        'third_party_assistance': [
            'Cybersecurity Specialists (JLR)',
            'NCSC (JLR)',
            'Law Enforcement (JLR)',
        ],
    },
    'stakeholder_advisories': [
        'JLR Suppliers Impacted',
        'UK Government Supply Chain Review',
    ],
    'threat_actor': ['ShinyHunters (Salesforce Breach)'],
    'title': 'Unauthorized Access to Stellantis Third-Party Service Provider and '
             'Jaguar Land Rover Cyber Attack',
    'type': [
        'Data Breach',
        'Cyber Attack',
        'Third-Party Vendor Compromise',
        'Production Disruption',
    ],
    'vulnerability_exploited': [
        'Weak Authentication in Third-Party Platforms',
        'OAuth Token Misconfiguration',
        'Human Error (Phishing Susceptibility)',
    ],
}