The cyberattack on **Jaguar Land Rover (JLR)** was classified as a **nationally significant incident** by the UK’s National Cyber Security Centre (NCSC), with experts describing it as more than a mere company outage but an **economic security threat**. The attack caused **major operational and economic disruption**, risking prolonged downtime that could stall JLR’s production—a critical sector for the UK’s export-driven growth ambitions. Lucas Kello, director of Oxford’s Cyber Security Research Centre, warned that extended disruption could undermine the government’s mission for sustained G7-leading economic growth, given JLR’s role as a top exporter.The incident highlights how cyber threats to private-sector giants can escalate into **systemic risks**, affecting supply chains, employment, and national economic stability. While specifics of the attack (e.g., ransomware, data breach, or sabotage) were not detailed, its classification as **‘highly significant’** suggests severe consequences, potentially including **financial losses, reputational damage, and cascading effects on dependent industries**. The NCSC’s urgency in pushing CEOs for stronger defenses underscores the attack’s gravity, framing it as a **strategic vulnerability** rather than an isolated IT failure.
TPRM report: https://www.rankiteo.com/company/jaguar-land-rover_1
"id": "jag4292042101425",
"linkid": "jaguar-land-rover_1",
"type": "Cyber Attack",
"date": "10/2025",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"{'affected_entities': [{'industry': 'Automotive',
'location': 'UK',
'name': 'Jaguar Land Rover (JLR)',
'size': 'Large (major UK exporter)',
'type': 'Private (Automotive Manufacturer)'},
{'industry': 'Retail/Financial',
'location': 'UK',
'name': 'Co-op',
'size': 'Large',
'type': 'Private (Retail/Financial Services)'},
{'industry': 'Retail',
'location': 'UK',
'name': 'Marks & Spencer',
'size': 'Large',
'type': 'Private (Retail)'},
{'industry': 'Various',
'location': 'UK/Global',
'name': '40+ Major Businesses (via '
'Salesforce/Salesloft)',
'type': 'Private (Multiple Sectors)'},
{'industry': 'Government/Critical Infrastructure',
'location': 'UK',
'name': 'UK Central Government / Essential Services',
'type': 'Public Sector'}],
'attack_vector': ['Unknown (general cyberattacks)',
'Data exfiltration (Scattered Lapsus$ Hunters)',
'Supply chain (Salesforce/Salesloft)'],
'data_breach': {'data_exfiltration': 'Yes (40+ businesses)',
'sensitivity_of_data': 'High (corporate, potentially '
'customer/employee data)',
'type_of_data_compromised': 'Sensitive corporate data (leaked '
'by Scattered Lapsus$ Hunters)'},
'date_detected': '2024-09-01',
'date_publicly_disclosed': '2025-08-30',
'description': 'The UK faced 204 nationally significant cyberattacks in one '
"year (2024-2025), more than double the previous year's count "
"(89 in 2023-2024). Of these, 18 were classified as 'highly "
"significant,' causing severe disruptions to central "
'government, essential services, the economy, or a large '
'portion of the population. The private sector, including '
'major firms like Jaguar Land Rover (JLR), Co-op, and Marks & '
'Spencer, experienced significant economic and operational '
'disruptions. The NCSC urged top UK firms to strengthen '
'defenses against ransomware, cyber-espionage, and DDoS '
'attacks. Notably, the threat group Scattered Lapsus$ Hunters '
'leaked sensitive data from over 40 major businesses, '
'including Salesforce/Salesloft targets.',
'impact': {'brand_reputation_impact': 'High (public disclosure of breaches, '
'data leaks)',
'data_compromised': 'Sensitive corporate data (40+ major '
'businesses, including JLR, Co-op, Marks & '
'Spencer)',
'downtime': 'Weeks to months (potential, e.g., JLR disruption)',
'operational_impact': "Severe (e.g., JLR described as an 'economic "
"security incident' threatening UK growth "
'targets)'},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes (Scattered Lapsus$ '
'Hunters leaked data)',
'high_value_targets': 'Yes (e.g., JLR, Co-op, Marks '
'& Spencer, '
'Salesforce/Salesloft '
'customers)'},
'investigation_status': 'Ongoing (NCSC review covers Sept 2024–Aug 2025; '
'specific incidents may still be under investigation)',
'lessons_learned': "The NCSC emphasized the need for 'concrete actions' by "
'CEOs and chairs of top UK organizations to defend against '
'rising ransomware, cyber-espionage, and DDoS threats. '
'Prolonged disruptions (e.g., JLR) can threaten national '
'economic goals, highlighting the intersection of '
'cybersecurity and economic security.',
'motivation': ['Financial gain (ransomware)',
'Espionage',
'Disruption (DDoS)',
'Data theft (leaks)'],
'post_incident_analysis': {'corrective_actions': ["NCSC calling for 'concrete "
"actions' from business "
'leaders',
'Heightened monitoring and '
'response coordination',
'Public-private '
'collaboration (e.g., NCSC '
'assistance)'],
'root_causes': ['Inadequate defenses against '
'ransomware/espionage/DDoS (per '
'NCSC)',
'Supply chain vulnerabilities '
'(e.g., Salesforce/Salesloft)',
'Targeting of high-value sectors '
'(automotive, retail, '
'government)']},
'ransomware': {'data_exfiltration': 'Yes (associated with some attacks)'},
'recommendations': ['Strengthen defenses against ransomware (NCSC urgency)',
'Improve resilience to DDoS and cyber-espionage',
'Enhance supply chain security (e.g., '
'Salesforce/Salesloft vulnerabilities)',
'Prioritize incident response planning for nationally '
'significant entities',
'Monitor dark web for leaked data (e.g., Scattered '
'Lapsus$ Hunters)'],
'references': [{'date_accessed': '2025-09-01',
'source': 'TechRadar (via The Record)',
'url': 'https://www.techradar.com/news/uk-saw-204-nationally-significant-cyberattacks-in-one-year-more-than-double-the-previous-count'},
{'source': 'NCSC Annual Review 2024'}],
'response': {'communication_strategy': 'Public disclosure via NCSC annual '
'review; warnings to CEOs/chairs of '
'top UK firms',
'incident_response_plan_activated': 'Yes (NCSC assisted in 429 '
'attacks)',
'third_party_assistance': 'NCSC (National Cyber Security '
'Centre)'},
'stakeholder_advisories': 'NCSC urged CEOs/chairs of top UK firms to take '
'action against cyber threats.',
'threat_actor': ['Scattered Lapsus$ Hunters', 'Unspecified (other attacks)'],
'title': 'Surge in Nationally Significant Cyberattacks in the UK (2024-2025)',
'type': ['Ransomware',
'Cyber-Espionage',
'Distributed Denial of Service (DDoS)',
'Data Breach']}