I doubt it. The attackers will be looking to steal data and blackmail JLR to pay a large ransom to prevent that data going public. Whether it is customer details or new car design or something else who knows?

 

I think there are more interested in the resulting disruption to business (potentially hundreds of millions of pounds) - and a ransom to avoid/curtail it - than ransoming to avoid data release to the public (although they may threaten this too). .

 

Had a chat with JLR a week or so ago, they are only affected from the service/dealer levels, Cars are fine. But that means taking your I-Pace for a service at the moment is mainly pointless as they can only do basic work it seems.

Tried to ask them to diagnose a fault, but they were unable to confirm software versions or check parts lists. They just gave it back after 30 minutes 🥲.

If you're going for a service/work, worth checking what they can achieve. (Might differ depending on experience? Mine was the UK - Nottingham Branch)

 

Had a chat with JLR a week or so ago, they are only affected from the service/dealer levels, Cars are fine. But that means taking your I-Pace for a service at the moment is mainly pointless as they can only do basic work it seems.

Tried to ask them to diagnose a fault, but they were unable to confirm software versions or check parts lists. They just gave it back after 30 minutes 🥲.

If you're going for a service/work, worth checking what they can achieve. (Might differ depending on experience? Mine was the UK - Nottingham Branch)

This is the opposite to what my dealership said, they can do diagnosis work but they can’t get parts and so customers / dealers are cancelling work for parts they can’t get

 

For JLR group as a whole, the bigger picture is the production line being shut down for so long.

 

Although JLR have announced resumption of production now on October 1, I can see that Topix is now up and that means that they can connect to your car and fix stuff.

System Status | TOPIx

topix.jlrext.com

 

Although JLR have announced resumption of production now on October 1, I can see that Topix is now up and that means that they can connect to your car and fix stuff.

System Status | TOPIx

topix.jlrext.com

Not sure it’s quite that simple. I picked up my car today after the dealer had tried to fix the reversing guidelines (separate thread).

They have finally pinpointed the problem but need to reinstall software and the CCF. This, they told me they cannot do, and Jaguar France had just today sent a message that whilst the target for production restart is 1st October, the full network will not be able to support such software reinstallation until early 2026!

 

I do have to wonder which IT supplier provides and gains sign off for their cyber security resilience, crisis management plans and IT BC/DR plans... oh hang on, they are owned by TATA.. so that would be TCS ??

MM... heads should roll...

 

I do have to wonder which IT supplier provides and gains sign off for their cyber security resilience, crisis management plans and IT BC/DR plans... oh hang on, they are owned by TATA.. so that would be TCS ??

MM... heads should roll...

They appear not to have had any Cyber risk insurance either which is just madness.

 

Possibly either (a) nobody would underwrite the risk at an acceptable premium or (b) Tata have sufficient cash there's no point in paying someone else to cover the risk.
I used to work for a multinational that covered its drivers' insurance themselves 'cos they could - much cheaper than paying a third party.

 

Having the skills and practiced crisis management plans in place to recover from a total system loss seem to be the current failing.. If they relied on their own IT company, TCS, for resilience, bc/dr and crisis management then TCS are not looking like a good proposition for other potential customers with this recovery plan so far.

If it was internal IT / Governance then expect a cull of their CTO/CIO + those that signed off risk and governance in a few months after recovery / post mortem / lessens learned.

Bankrolling risk against pay outs while you remain in business, making things, selling things and retaining the ability to repair things is different, like as you say insuring company cars or in JLR's case recalling a faulty car where you take that on your own chin as a cost of doing business.

Not being able to do anything while you publicly declare "we will be back up by x" then having to publicly update to actually another week.. then another etc does little for their reputational and consumer confidence, nor that of their service providers etc. They are lucky Tata has $$$ in reserve and they aren't "on their own" or this would look to be goodbye JLR.

 

Additionally, the UK government has supplied a loan guarantee for 1.5 billion GBP to support the company's cash reserves. It is to be paid back over 5 years.

 

Still debt and a cost they could do without

 

Wasnt it difficult to convince dealers to do software updates anyway?

 

I was mainly referring to necessary software fixes; for example, to repair my yellow reversing lines function they need to somehow adapt the CCF to recognise that I have the towing system fitted. This is what they cannot do until next year. I’m sure there must be JLR vehicles immobilised without necessary software…they’ll probably be priority when the network is repaired and minor fixes like mine, as well as regular maintenance, will be way down in the backlog queue!