It’s been more three weeks since Jaguar Land Rover was struck by a cyberattack and during that time the automaker has been unable to produce a single vehicle, a crisis reportedly costing it $70 million a week or more. The automaker this week said the shutdown will continue through at least October 1, while some industry analysts believe it could drag on even longer.
But JLR isn’t the only automaker struggling to fend off hackers. In recent months, a global Who’s Who of automotive manufacturers have faced ransomware and other cyberattacks, as have industry suppliers and even retailers. An incident involving a dealer service provider last year all but idled 15,000 showrooms and service bays for more than a month until a $25 million ransom was paid.
Jaguar Land Rover Goes Dark
BMW, Stellantis, Hyundai, hackers are targeting automakers around the world. But the most dire crisis now faces Jaguar Land Rover. What the company described as a “catastrophic” cyberattack has brought assembly operations in the UK, Slovakia, Brazil, India and China to a complete halt. There has been speculation, according to the BBC, that the incident could take until November to resolve. The company initially dismissed such concerns, laying out plans to resume operations on September 24. That’s now been pushed back to October 1, at the earliest.
All told, JLR’s global production network rolls out an average 1,000 vehicles per day. Loss estimate have run to as much as $70 million – and possibly more – for each day the assembly lines are down. It’s uncertain whether they could make up the lost production this year, even running on maximum overtime.
Along with the thousands of JLR employees, the company’s global supply chain is estimated to support over 200,000 jobs, leading UK government officials to warn of a “significant impact” beyond the company itself. Making matters worse, the automaker is struggling to pay its suppliers with its own income stream disrupted.
Escalating attacks
“It seems unprecedented in the UK to have that level of disruption because of a cyberattack or ransomware attack,” Jamie McColl, a senior cyber and tech researcher at think tank RUSI, told Wired magazine. The JLR attack, he added, is “a different order of magnitude” to previous incidents.
It comes at a time when cyber criminals are escalating their attacks on businesses, government offices, utilities and even individuals. Automakers provide a wide range of doorways through which hackers might be able to gain access, said Sam Abuelsamid, lead analyst with Telemetry Research. And they have deep pockets out of which cyber criminals hope to take cash.
The latest publicly confirmed automotive incidents involve BMW and Stellantis, both of whom were targeted through suppliers. “No company is doing everything in-house,” said analyst Abuelsamid. “They’re all relying on vendors for various aspects. Any chain is only as good as its weakest link….and you have to secure every element of that ecosystem.”
The Latest Incidents
In BMW’s case, the attack appears to have been perpetrated by Everest, a notorious cybergang with ties to Russia. On September 14, Everest’s blog reported that it obtained “Critical BMW Audit Documents.” A countdown timer gave the Bavarian automaker just a matter of days to meet its demands before the group said a “recording” would be released.
Officially, BMW has said little about the attack but a senior company source, asking to speak on background, told Autoblog that it actually was a third-party vendor whose “system was compromised.” The attack did yield some documents, the BMW official said, but insisted they are of little use, adding that “All systems, including production, are fully operational for us.”
Then, on Sunday, September 21, Stellantis revealed one of its vendors, “a third-party service provider’s platform that supports our North American customer service operations,” had also been hit with a cyberattack. In this case, some basic customer information, including names and contact information, were accessed, Stellantis acknowledged in a statement on its website. But the cyberthieves were not able to access more detailed personal information, such as birth dates, Social Security numbers or credit card records. “Upon discovery, we immediately activated our incident response protocols, initiated a comprehensive investigation, and took prompt action to contain and mitigate the situation,” the statement added.
Who’s Next?
So far, hackers have focused much of their attention on automakers, suppliers and vendors, but one of the most damaging cyberattacks to hit the industry yet occurred in June 2024 and took down CDK Global, a multinational data provider that supplies a broad range of software and related services to approximately 15,000 North American auto retailers. The attack compromised software used for everything from scheduling service appointments to completing vehicle sales. It took a reported $25 million ransom – which CDK declined to confirm – to resolve the crisis in July 2024. Reports at the time suggested the impact to the company and its dealers ran to more than $1 billion.
The big concern is when, rather than if, hackers will start cracking the code on all of the vehicles out on the road. Today’s cars, trucks and crossovers already contain scores of microprocessors and millions of lines of software code but tomorrow’s “software-defined vehicles” will go orders of magnitude further.
Mercedes-Benz
“This won’t be just a financial issue but a safety issue,” warned Abuelsamid, potentially giving hackers the opportunity to not just black out the touchscreens found in all of today’s new vehicles but even take control of smart safety and autonomous driving systems.
There have been some reports of hacking episodes but no clear proof beyond carefully staged demonstrations. But manufacturers acknowledge that keeping the bad guys out of your vehicle could be the biggest challenge they face in a world where cybercrooks are growing increasingly blatant.
