Jaguar Land Rover Cyber Attack Exposes Staff Payroll Data and Hits UK Economy

Jaguar Land Rover which employs more than 38000 people has confirmed that a significant cyber attack earlier this year resulted in the theft of staff payroll and benefit data placing employees and former staff at risk of fraud. The breach which brought production to a halt for weeks is now revealed to be the most costly of its kind in UK history with consequences that rippled through the wider economy.

The affected data includes personal information required to administer payroll benefits and employee schemes and impacts not only current staff but also former employees whose records were retained by the company. The precise details of the stolen data have not been disclosed however payroll data of this nature typically includes bank account numbers national insurance details salary information tax codes and addresses.

In a statement to staff Jaguar Land Rover acknowledged that personal information had been accessed without authorisation but reported no evidence so far that the data had been misused or published. Employees have been advised to remain vigilant against suspicious communications and to ensure the strength and security of their passwords. The company is offering two years of credit monitoring to those affected and has established a helpline for further support.

The incident occurred at the end of August resulting in a shutdown lasting over a month. The cyber attack which has been linked to the hacking group Scattered Lapsus Hunters resulted in a £15 billion fall in quarterly sales for the company and a £196 million charge related to exceptional items. The wider impact was felt across roughly 5000 organisations with estimated losses reaching £19 billion and official statistics indicating the breach shaved 0.17 percentage points off UK economic growth in September.

In recent years Jaguar Land Rover has outsourced significant parts of its cyber operations to Tata Consultancy Services a division of the larger Tata Group which also owns the carmaker. Tata has denied any responsibility for failings during the attack. The company remains in discussion with regulators including the Information Commissioner’s Office and continues to notify current and former employees and contractors as investigations progress.

No evidence has emerged to suggest customer data was compromised despite assertions from the alleged perpetrators. Jaguar Land Rover has apologised to all those affected and reaffirmed its commitment to supporting staff and contractors during this period of uncertainty and risk.