Jaguar Land Rover Data Breach

Victim:

Jaguar Land Rover (JLR) is one of the UK’s largest car makers and is well-known around the world for its luxury cars. It makes vehicles under the Jaguar and Land Rover brands. The company was formed on 18 January 2008, when Tata Motors, based in India, acquired both brands from Ford. Jaguar was founded by William Lyons, and Land Rover began in 1948 as the Rover Company. JLR’s main office is in Whitley, Coventry, UK. In 2024, it made about £28.99 billion in revenue and built over 400,000 vehicles. As of 2020, it had around 39,787 employees.

Threat Actor:

ShinyHunters is a group of threat actors that gained prominence in 2020 and is known for being involved in numerous significant data breaches. The group often extorts companies it has hacked; if the companies do not pay the ransom, the stolen information is frequently sold or leaked on the dark web. ShinyHunters is responsible for several recent cyberattacks, including those targeting Salesforce, M&S, Google (including Salesforce customers and cloud platform attacks), Allianz Life, Qantas Airways Limited, SK Telecom, CIC (Credit Institute of Vietnam), and Santander Bank Mexico, among others.

About the data breach:

On 17th September 2025, the actor posted on Telegram, as shown in the screenshot below, that they have access to around 3TB of Jaguar Land Rover data, including documents, source code, and a database. The post mentions 11 million lines of code in a JSON file and asks for $30,000 for full access to this data.

Samples:

The following screenshot contains three text files posted by the actor as samples:

  1. The first file includes the full names and email addresses of employees.
  2. The second file contains detailed information about software projects in a Jira system.
  3. The third file contains the full names and email addresses of senior employees, including one from the “Group Product Owner” role and another from the “Cyber Security Lead” role.

The screenshot below contains another sample that the actor posted on Telegram. That file contains information about the Jira tickets.

The following screenshot contains two JSON files:

  1. The first file lists the projects uploaded in Jira.
  2. The second file contains employee details, including names and email addresses.

In the above screenshot, the actor claims to be the original owner of the Jaguar Land Rover cyber incident.

Conclusion:

The Jaguar Land Rover data breach demonstrates that even large, well-established organizations are vulnerable to cyberattacks from sophisticated threat actors like ShinyHunters. Exposure of sensitive employee data, source code, and project information highlights the critical need for proactive security measures. Organizations must strengthen access controls, continuously monitor systems, and educate employees to prevent similar incidents. Leveraging advanced tools such as a Gurucul SIEM can help detect anomalies early and reduce the impact of potential breaches.

Key Recommendations to Prevent Cyber Incidents

  1. Enforce strict access controls: Limit permissions and implement multi-factor authentication for sensitive data.
  2. Encrypt critical data: Protect data at rest and in transit to reduce exposure in the event of a compromise.
  3. Deploy Gurucul SIEM: Monitor user behavior, detect anomalies, and receive real-time alerts.
  4. Conduct employee awareness training: Educate staff on phishing, social engineering, and insider threats.
  5. Secure development & project tools: Protect source code, Jira, and other repositories; monitor access logs.
  6. Maintain regular backups: Keep secure backups to ensure quick recovery after an incident.
  7. Implement incident response plans: Prepare and test procedures to respond effectively to breaches.
  8. Monitor threat intelligence: Stay up to date on emerging threats and dark web activity targeting organizations.
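
As an added example (not from the original post) of the access-log monitoring in recommendation 5, the following flags accounts that read an unusually large number of distinct Jira issues or projects within a short window. The log layout, thresholds, and user names are constructed assumptions; only the `/rest/api/2/issue/{key}` route is Jira's own REST path.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed (constructed) log layout: ISO-time user GET path status bytes
LINE = re.compile(r"^(\S+) (\S+) GET /rest/api/2/issue/(([A-Z][A-Z0-9]*)-\d+) (\d{3}) (\d+)$")
WINDOW = timedelta(minutes=10)
MAX_ISSUES = 50      # hypothetical thresholds; tune to your own baseline
MAX_PROJECTS = 5

def parse(lines):
    """Yield (time, user, issue_key, project, bytes) for successful issue reads."""
    for line in lines:
        m = LINE.match(line.strip())
        if m and m.group(5) == "200":
            yield (datetime.fromisoformat(m.group(1)), m.group(2),
                   m.group(3), m.group(4), int(m.group(6)))

def find_bulk_readers(lines):
    """Return {user: (distinct_issues, distinct_projects, bytes)} for the widest flagged window."""
    per_user = defaultdict(list)
    for ev in sorted(parse(lines)):
        per_user[ev[1]].append(ev)
    flagged = {}
    for user, events in per_user.items():
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > WINDOW:
                start += 1          # slide the window forward
            win = events[start:end + 1]
            issues = {e[2] for e in win}
            projects = {e[3] for e in win}
            if len(issues) >= MAX_ISSUES or len(projects) >= MAX_PROJECTS:
                if len(issues) > flagged.get(user, (0,))[0]:
                    flagged[user] = (len(issues), len(projects), sum(e[4] for e in win))
    return flagged

def sample_log():
    """Constructed lines: an ordinary user, a denied request, and one account walking many projects."""
    t0 = datetime(2025, 9, 1, 9, 0, 0)
    lines = [f"{(t0 + timedelta(minutes=7 * i)).isoformat()} alice GET /rest/api/2/issue/WEB-{100 + i} 200 4096"
             for i in range(6)]
    projects = ["WEB", "OPS", "HR", "FIN", "SEC", "APP"]
    lines += [f"{(t0 + timedelta(seconds=2 * i)).isoformat()} svc-report GET /rest/api/2/issue/{projects[i % 6]}-{i} 200 8192"
              for i in range(120)]
    lines.append(f"{t0.isoformat()} bob GET /rest/api/2/issue/WEB-1 403 120")
    return lines

if __name__ == "__main__":
    print(find_bulk_readers(sample_log()))
```

In practice the same per-user distinct-count logic would run as a scheduled query or correlation rule over the real Jira access log, with thresholds derived from each account's normal activity.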