What Can Auto Dealers Learn From The Jaguar Land Rover Cyberattack?

A devastating cybersecurity attack led to a significant data breach and severe operational disruption for Jaguar Land Rover (JLR), underscoring key cybersecurity gaps in electric vehicle manufacturing.

Although the company has remained silent about the extent of the data breach, it admitted that hackers were able to gain access to some of its sensitive information and systems. JLR announced the cyber incident on September 2, 2025.

Fallout from the massive attack is still being felt both here and abroad.

In this article, we’ll discuss the latest news on the Jaguar Land Rover cyber incident and the perpetrators believed to be behind the attack. We’ll also discuss five top ways businesses can protect themselves and their IT assets from lurking cyber threats.

What Caused The Jaguar Land Rover Cyberattack?

In the Jaguar Land Rover attack, malicious actors were able to gain unauthorized access to take control of its systems and steal valuable data. The information was then used as an extortion chip in a subsequent ransomware attack.

A cybercrime gang known as Scattered Spider has claimed responsibility for the Jaguar Land Rover attack, which shut down its production lines on August 31, 2025.

Related Article: How Scattered Spider Social Engineering Attackers Target Helpdesks

The aftershock is still reverberating at JLR dealerships both here and abroad.

The attack has caused widespread disruption to the UK-based company’s global manufacturing network, according to Cyber Magazine.

JLR, Britain’s largest auto manufacturer, has had to shut down its UK, India, China, and Slovakia production plants. The company has said it is considering a controlled restart of its operations on September 24.

The ongoing work stoppage has led to a domino effect of problems, including a crippling cash crunch among some of its many smaller suppliers, parts shortages, and a backlog of customers who have been unable to register new vehicles.

All of this spells bad news for the automotive manufacturer during what is normally a peak selling period for the industry. So far, early estimates have put the company’s projected financial losses stemming from the cyberattack at more than $1.36 billion (US).

The Scattered Spider hacking group, believed to be largely made up of teenagers and young adults, has claimed responsibility for an expanding web of high-profile ransomware attacks in recent years.

The attackers have hit diverse industries, including casinos, retailers, airlines and transportation, healthcare, financial services, technology, insurance, food services, and education.

According to published reports, Caesars Entertainment paid a ransom of $15 million in 2023 after having its systems hacked by the group, representing half of the group’s initial ransom demand.

In a separate Scattered Spider attack, Clorox reported spending approximately $49 million in recovery costs after its operations came to a standstill, causing extensive manufacturing and shipping delays. The company said in total, the attack cost it more than $356 million in net sales losses.

What Caused The JLR Cyberattack?

According to published reports, the JLR ransomware attack began as a data breach, although the exact tactic used by the attackers remains under investigation. The company, which is owned by India’s Tata Motors, has yet to disclose the extent of the breach or say what type of data was exfiltrated in the breach.

The company has said it was in the process of reporting the cyber incident to the required regulatory agencies. With its operations and supply chain still dealing with the fallout and amid mounting financial losses, the JLR cyberattack is an example of the widespread, catastrophic ripple effect of growing cyber threats.

So, auto manufacturers, their dealerships, and other businesses within their extensive supply chain have to implement robust security precautions to help mitigate the chances of a cyber incident.

What’s Behind The Rise In Cyber Incidents Targeting The Auto Industry?

When a large automaker like JLR is forced to shut down is systems and temporarily shutter operations, the impact to its auto dealerships and the many small and medium-sized suppliers that depend on the company could leave them facing an existential crisis.

In today’s rapidly evolving threat landscape, cybercriminals are using increasingly sophisticated tactics to launch phishing attacks that are so convincing that even trained experts have been fooled.

A major factor helping them find their newest targets and generate such believable fraudulent emails, phone messages, videos, and other schemes is artificial intelligence. The cyber scams also help them to circumvent traditional cybersecurity controls to gain unauthorized access into your systems.

Oftentimes, the hackers are willing to spend time developing a relationship with their targets to establish trust, making it easier to get them to send money to an account controlled by the attackers or to share sensitive information such as account login credentials.

The massive CDK Global ransomware attack in 2024 left thousands of dealerships throughout the U.S. and Canada scrambling to keep the doors open after attackers were able to exploit a cybersecurity flaw within a vendor’s systems.

Related Article: Why Cybersecurity Will Remain Critical For Car Dealerships in 2025

Although the specific security gap has not been disclosed, it is believed that cybercriminals were initially able to gain unauthorized access through a phishing email after an employee inadvertently clicked on a malicious link. This provided an opening to deploy the larger ransomware attack.

How Can Proactive IT Support Help Boost Cybersecurity Of Auto Dealerships?

For auto dealerships and other supply chain businesses, proactive IT support can provide you not only with cybersecurity resilience, but also peace of mind.

A reliable managed IT service provider (MSP) can offer a number of customized solutions tailored to your business to boost your overall cybersecurity posture and reduce threat risks.

Those proactive steps include:

1. Conditional access

• Work with your team to develop and implement the right conditional access controls for your organization.
  
  
• If you don’t have an internal IT department, your MSP can set up conditional access policies to allow access to certain restricted parts of your network based on user roles and job functions.

2. Multi-Factor Authentication (MFA)

• Implement multi-factor authentication to require user verification before granting access to parts of your network. 
  
  
• MFA is considered a foundational cybersecurity control because it forces users to verify their identity in different ways before they are allowed access to an application, website, system, database, or other IT resource on your network.

3. Guest Network

• Create a separate guest network for your dealership customers.
  
  
• Having a dedicated guest network keeps your internal company network and information safe while providing convenient and secure internet access for your customers. 

4. Managed Employee Cybersecurity Awareness Training

• Since human error accounts for as much as 95 percent of cybersecurity breaches, your employees are the front line of defense. That's why it’s critical to provide regular, ongoing trained to educate your team about new and emerging cyber threats and how to avoid them.
  
  
• This will also help you establish a culture of cybersecurity within your organization that allows employees to understand their crucial role in helping to protect your business.

5. Data Backups

• One of the best preventative steps to avoid data loss is making sure you regularly verify and test your data backups. Even with strong security guardrails, accidental data loss could still happen.

Related Article: What Are Effective Data Backup Solutions For Business Continuity?

• Your MSP can identify your business risks and plan your backups accordingly. Ensuring you have secure and accessible data backups will put you in a better position to quickly recover.

6. Firewalls & Network Monitoring

• Verify that your existing firewalls are configured correctly is a key part of network security.
  
  
• Next-generation firewalls are an important line of defense against cybercrime.

7. DNS Filtering

• DNS filtering acts as a safety net to block threats in the event an employee accidentally clicks on a malicious link and is unknowingly diverted to a malicious website.
  
  
• It allows you to control access to websites and content your users and employees can access to block dangerous sites.

8. Monitoring and maintenance

• Establish an automated schedule for regular software updates on your IT devices, especially your dealership management system (DMS), to shore up cybersecurity flaws within your infrastructure.
  
  
• By developing a comprehensive patch management program, your MSP can help reduce the chances of downtime caused by software bugs and glitches.
  
  
• It also ensures that your network is safe, available, and efficient, minimizing the expense and inconvenience of downtime.

9. Penetration testing & vulnerability scanning

• An MSP can also perform regular penetration tests and vulnerability scans to defend against new and emerging cyber threats.
  
  
• Penetration testing and vulnerability scanning are a key part of continued cybersecurity maintenance to ensure that your security measures are working as intended.

10. Cloud migration

• Moving some or all of your infrastructure to the cloud could help eliminate network bottlenecks and eliminate certain cybersecurity vulnerabilities.
  
  
• Many cloud services also offer strong, built-in cybersecurity tools to protect your valuable IT hardware and sensitive information.
  
  
• An MSP can help you determine the best cloud solution for your business, be it fully cloud or a hybrid cloud environment.

Bottom Line With Boosting Auto Dealership Cybersecurity

After reading this article, you know have a better understanding of why enterprises of all sizes need to make sure they have stringent security measures in place to protect against growing cyber threats.

We write articles like this to provide information to help businesses like yours make the best IT-related decisions for your organization.

At Kelser, we have decades of experience providing customized cybersecurity solutions to keep our customers running efficiently, smoothly, and securely.

If you don’t have an internal IT team with the time or specialized skills to implement the security controls mentioned above, or have questions about what solutions might be best for your organization, reach out to us now by clicking the button below.

One of our IT experts will respond to schedule a brief chat to learn more about your cybersecurity concerns and see how we can help.