A group of British-speaking hackers are claiming responsibility for the cyber-attack on Jaguar Land Rover (JLR). Calling themselves “Scattered Lapsus$ Hunters”, the hackers — believed to be teenagers — have been bragging about the hack on messaging app Telegram. The group have been sharing screenshots apparently taken from inside the car maker’s IT networks, and posting “Where is my new car, Land Rover” in an apparent attempt to taunt JLR. It is thought that they are trying to extort money from the firm.
The cyber-attack on the company’s IT systems was discovered in the small hours of Monday 1st September; by 4.30am, staff at JLR’s Halewood plant had received emails instructing them not to report to work. A statement on JLR’s corporate website describes the situation as “a cyber incident,” adding: “We took immediate action to mitigate its impact by proactively shutting down our systems. We are now working at pace to restart our global applications in a controlled manner. At this stage there is no evidence any customer data has been stolen but our retail and production activities have been severely disrupted.”
However, although Jaguar Land Rover has stated that no customer data appears to have been compromised, some cybersecurity experts remain cautious. As reported by the BBC, security researcher Kevin Beaumont said: “Based on the information provided by the attackers and open source intelligence, the attack has access to JLR’s internal systems and network.” If accurate, this could leave the organisation vulnerable to extortion attempts or further breaches.
Who are the hackers?
Scattered Lapsus$ Hunters is the latest name for a growing band of young hackers, organising and messaging on social media. The BBC reports that the Telegram channel used by the criminals now has nearly 52,000 members. Scattered Lapsus$ Hunters contains members of ScatteredSpiders, the group responsible for the attacks on M&S and Harrods in spring 2025. Marks & Spencer stated that the cyber-attack — a ransomware breach that disrupted online orders, in-store payments, and supply chain systems, as well as exposing customer data — is expected to wipe out one-third of its annual profits, costing the company £300 million. The attack wiped £1 billion from its share prices and caused long-lasting disruption to online retail.
The cost to retailers
The news about hackers being able to boast about their cyber-attacks with apparent impunity comes as research from cybersecurity firm ESET reveals that 46% of consumers say it would take more than five months before shopping again with a brand after a breach. Alarmingly, 13% would never return. One in five (22%) of those who contributed to the research had already stopped shopping with a brand due to a cyber-attack.
As Jake Moore, global cybersecurity advisor for ESET, points out, the costs to businesses of such cyber-attacks are far more than simply operational or even financial. “The reputational fallout can be every bit as devastating as the breach itself; a reality that JLR must factor into its crisis planning,” he said. “The attack on Jaguar Land Rover shows how young hacking groups are targeting firms with bold tactics. By using Telegram to flaunt their claims and ransom demands, it demonstrates brazen confidence in staying undetected, only adding insult to injury.”
“While not yet confirmed whether sensitive systems were accessed, JLR would be wise to continue testing defences and prepare rapid response measures as they learn more,” he added.
For digital-first and multi-channel retailers, the attacks come as a wake-up call; in an increasingly hostile digital landscape, robust cybersecurity, trusted payment systems, and transparent communication are absolutely essential for operational resilience — but perhaps more importantly, for consumer trust. And with hackers getting smarter and bolder, the stakes for online retailers are extremely high.
Stay informed
Our editor carefully curates two newsletters a week filled with up-to-date news, analysis and research. Click here to subscribe to the FREE newsletter sent straight to your inbox. Why not follow us on LinkedIn to receive the latest updates on our research and analysis?
