Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
A threat actor has claimed to have leaked hundreds of files of confidential data from car manufacturer Jaguar Land Rover.
The two British car brands, which are now a joint subsidiary of Indian company Tata Motors, were listed on a popular hacking forum by a user called “Rey”, who claimed the company had suffered a data breach.
“In March 2025, Jaguar Land Rover – a renowned global automotive brand with reported revenue of $29.9 billion – suffered a major data breach,” said Rey.
“The leak includes around 700 internal documents (development logs, tracking data, source codes, etc.) and a compromised employees dataset exposing sensitive information such as username, email, display name, time zone, and more.”
Within the listing, Rey posted a sample of the data, which included specific alleged employee records. While Cyber Daily cannot confirm the legitimacy of the data, some of the names listed are of real Jaguar Land Rover employees.
The time zones, however, indicate that the alleged breach has affected employees all over the world rather than just regional operations.
Arguably, the most concerning data allegedly stolen is the tracking data. This information could be used by a threat actor to find individual customers or could be sold to groups who intend to do the same thing.
Source code could also prove problematic for the company, allowing threat actors to leak intellectual property or use cloud access keys or passwords to access more information.
Cyber Daily has reached out to Jaguar Land Rover for more information.
As legitimate as the leak may seem, threat actors do falsely claim breaches of major companies when, in reality, a breach may not have occurred, or a third party was breached.
Last year, threat actors claimed a breach of the Ford Motor Company.
In November, infamous threat actor “EnergyWeaponUser”, the right-hand man of CyberN-----s leader IntelBroker, posted to a popular hacking forum claiming they had exfiltrated an “internal database” from Ford after breaching its network.
The threat actor said the exfiltrated database contained 44,000 records of “customer names, physical locations, bought product”.
Sample data shared in the post suggested customer names, customer addresses, country codes, customer type codes, city, sales types, account codes, last update, and other records, including “is parent?” and “PA_CD”, had been exfiltrated.
On 19 November, Ford Motor Company informed Cyber Daily that it had begun investigating the incident, but it has since revealed that its systems were not breached.
“Ford’s investigation has determined that there was no breach of Ford’s systems or customer data,” said Ford.
“The matter involved a third-party supplier and a small batch of publicly available dealers’ business addresses. It is our understanding that the matter has now been resolved.”
The car manufacturing giant did not name the third party, nor did it reveal the nature of the incident.
Be the first to hear the latest developments in the cyber industry.
