JLR: Payroll data stolen in cybercrime that shook UK economy
- Reference: 1765800500
- News link: https://www.theregister.co.uk/2025/12/15/jlr_payroll_data_stolen_in/
- Source link:
The breach, [1]which has been pegged as one of the most costly in UK history , includes bank account details, tax codes, and other sensitive data related to staff salaries, benefits, and former employees.
Jaguar Land Rover engines ready to roar again after weeks-long cyber stall [2]READ MORE
In an email to both current employees and former employees, seen by [3]The Telegraph , JLR wrote: "While investigating, we have unfortunately identified that there has been unauthorised access to some personal data we process in the context of employment and some information needed to administer payroll, benefits and staff schemes to employees and dependents. This includes data of ex-JLR team members that has been stored."
JLR insists there's no evidence of misuse yet, but it's still advising its tens of thousands of workers to "stay alert" for potential fraud and phishing attempts.
In a statement to the newspaper, a JLR spokesperson said: "From the ongoing forensic investigation, JLR believes that certain data related to current and former JLR employees, and contractors, was affected by the cyber incident. We remain in dialogue with the relevant regulators and we are in the process of contacting current and former employees and contractors as necessary."
[4]
The attack, which brought the company's manufacturing to a grinding halt for more than a month, has now led to a £1.5 billion drop in sales for JLR, with a further £196 million loss related to "exceptional items" linked to the breach.
[5]Cyber insurers paid out over twice as much for UK ransomware attacks last year
[6]Bank of England says JLR's cyberattack contributed to UK's unexpectedly slower GDP growth
[7]Jaguar Land Rover cyber-meltdown tipped to cost the UK almost £2B
[8]Jaguar Land Rover engines ready to roar again after weeks-long cyber stall
Beyond JLR's own balance sheet, [9]the damage rippled outward : the Cyber Monitoring Centre has classed the incident as a systemic event that could cost the UK economy up to £2.1bn, while Office for National Statistics data shows motor vehicle manufacturing shaved 0.17 percentage points off GDP in September, helping tip the economy into contraction.
The attack was attributed to Scattered Lapsus Hunters, the same hacker group responsible for other major incidents, including attacks on [10]Marks & Spencer and the Co-op. The hackers claimed they also stole customer data, but JLR has yet to confirm or deny this and did not respond to The Register 's repeated calls for comment on Monday.
[11]
The breach is yet another reminder of the growing vulnerability of major corporations to cyber threats, especially those outsourcing critical cybersecurity functions. ®
Get our [12]Tech Resources
[1] https://www.theregister.com/2025/11/17/asia_tech_news_roundup/
[2] https://www.theregister.com/2025/10/06/jlr_phased_production/
[3] https://www.telegraph.co.uk/business/2025/12/13/jaguar-land-rover-employees-pay-data-stolen-in-cyber-attack/
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aUA-sk7lnxrSRDd2pRl-7AAAAAI&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[5] https://www.theregister.com/2025/11/11/ransomware_surge_fuels_230_increase/
[6] https://www.theregister.com/2025/11/07/bank_of_england_says_jlrs/
[7] https://www.theregister.com/2025/10/22/jaguar_lander_rover_cost/
[8] https://www.theregister.com/2025/10/06/jlr_phased_production/
[9] https://www.theregister.com/2025/11/07/bank_of_england_says_jlrs/
[10] https://www.theregister.com/2025/05/13/ms_confirms_customer_data_stolen/
[11] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aUA-sk7lnxrSRDd2pRl-7AAAAAI&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[12] https://whitepapers.theregister.com/
outsourcing critical cybersecurity functions
To people who don't give a shit as they have no personal skin in the game.
It works the same if you replace the word "cybersecurity" with any other "business" function.
Re: outsourcing critical cybersecurity functions
Is that the trend of retiring in place? Or is the one about doing only as much work as it takes not to get fired?
Re: outsourcing critical cybersecurity functions
Er, I believe their cybersecurity was done by Tata, who *own* JLR. So perhaps not in this case.
Why
You have to wonder what the original intention of the attack was, to steal data or disrupt the production?
Re: Why
Why not both?
Quick distraction job.
Create a major kerfuffle over
While dipping into the vulnerable
But as with systems being what they are: done perhaps at the same time.
The disabling act gives gravity to the dataset offered by the miscreants no doubt in certain circles.
Re: Why
There possibly was some kind of outage that also affected manufacturing systems, but the production shortfall part of the story could be overemphasized as an attempt to conceal low sales volumes. I mean it's no secret that the 'J' from 'JLR' is now defunct, so might have been a good opportunity to extend the downtime a bit and remove leftover Jaguar production tools and parts from the factory floor.
utter madness
3rd party risk is seen as the major issue these days & i was at a talk where the ciso of a bank was going on about how 3rd parties lie, don't provide the services etc etc etc & when I ask ppl, well why not just bring it all back in house... you get a blank look.
As with manufacturers who shipped work to china & then were "shocked" that their designs were stolen & copies were being sold, i've got zero sympathy for any of these firms that get taken advantage of or hacked because they've shovelled jobs out or offshore.
Bonkers
More and more IT is commoditised and companies pay less and less for what is probably the most important part of a modern business yet they wonder why this crap happens - Russian Rolette to outsource your IT to the lowest bidder but as they aren't held responsible for losing personal data what do they care. JLR gambled and lost most companies have no idea of the consequences.
Surprised? Who?
The Guardian, 20 September 2025: "...Being a carmaker where ‘everything is connected’ has left JLR unable to isolate its plants or functions...."
So....Tata Consulting REALLY liked ensuring that "everything is connected".
Why would anyone be surprised that a hack would take down multiple factories, multiple suppliers in multiple countries?
Why would anyone be surprised that personal data was stolen?
Yup......TAXPAYERS would be surprised that they have to underwrite a 1.5 billion pound loan to an Indian company...that's who!!!
What are executives for?
I could understand a company not being prepared for the effects of, say, the Ukraine war, or Covid, or even sudden hikes in NI. But things like resiliency of your supply chains, major IT failures, dependency on suppliers... these should be major concerns for the be-suited classes. We're told they need to be paid globally competitive salaries but they aren't turning in globally competitive performances except that they are very skilled in shuffling off the consequences onto someone else. I used to wonder why investors weren't on top of this, but concluded eventually it's a case of "kick one and they all limp", it's the same crowd of plonkers.
The attack seems to have been so comprehensive that I'd have been surprised if sensitive data wasn't taken...