
Jaguar Land Rover (JLR) has suffered a cyber attack that resulted in a significant data breach. The attack has raised concerns about security vulnerabilities within the automotive industry, particularly regarding the potential hacking of in-vehicle infotainment (IVI) systems. There is an increasing demand for urgent security measures to address these risks.
Recent reports from international cybersecurity outlets, such as Infostealers Reports, reveal that JLR has been targeted by two hacker groups, leading to the massive leakage of sensitive data. This leaked information includes vehicle software source code, research and development (R&D) documents, internal operational materials, and personal information about employees and partners.
The hacker group ‘HELLCAT’ was the first to breach JLR’s internal network, leaking around 700 internal documents. Shortly after, another group, ‘APTS’, accessed the same account and stole an additional 350 gigabytes (GB) of critical data.
The hackers reportedly gained access to JLR’s internal network through a partner company employee’s account on Atlassian’s Jira collaboration platform. The employee’s PC was infected with malware such as Lumma, which led to the leak of account information that was subsequently sold on the dark web.
Experts are concerned that the exposure of JLR’s confidential data on the dark web could lead to vulnerabilities in electric vehicles and infotainment systems. Specifically, the leak of vehicle software could enable remote hacking, and competitors and state-sponsored hacking groups might exploit the leaked material to replicate JLR’s technology.
As the automotive industry becomes increasingly digital, security threats have surged. With the industry's reliance on connected technologies, cloud services, and complex supply chains, intellectual property such as vehicle system source code and blueprints has become a prime target for cybercriminals. Given the close collaboration between automakers and suppliers, a breach of a third-party account can easily lead to internal system compromises. Therefore, swift and comprehensive security measures and system checks across the industry are essential.