INSPECTING ARCHIVED INTELLIGENCE (OUTDATED VERSION).

Infosecurity Europe: JLR CISO Enforced In-Person Password Resets

| 2026-06-09 09:00 CRITICAL HIGH
JSON
Executive Summary AI-generated
The Jaguar Land Rover cyber-attack was a devastating incident that had far-reaching consequences for the UK's largest car manufacturer. The attack, which occurred in September 2025, resulted in an estimated £1.9 billion loss to the national economy and affected over 5000 organizations in the supply chain. In response to the breach, Jaguar Land Rover took swift action by calling over 30,000 staff on site for password resets, a move that was deemed crucial in ensuring the identities of employees could be trusted post-breach. This decision was made possible only after verifying whether Microsoft 365 had been compromised or not, as confirmed by CEO Ashish Shrestha during an Infosecurity Europe conference session. The former cyber leader emphasized the importance of validating identity and associating human bodies with IDs to prevent further breaches.
Technical Mitigations AI-generated
• In-person password reset for 30,000 staff to verify identities and trust post-cyber-attack • Enterprise-wide password reset required due to lack of overall compromise in usernames and passwords • Multi-factor authentication (MFA) was triggered during the password reset process
Intelligence Metadata
Actors / Malware / CVEs / Campaigns
Scattered SpiderScattered Spider RoverRover
Target & Sectors
FIVE_EYES FIVE_EYES EUROPE EUROPE
Incident Timeline
‎September 2025
Jaguar Land Rover's Chief Information Security Officer (CISO) enforced in-person password resets for 30,000 staff following a major cyber-attack.
organisation Jaguar Land
When Jaguar Land Rover (JLR) was hit by a major cyber-attack in September 2025, one of the first things the company’s cybersecurity leader did was to call over 30,000 staff on site to reset their passwords.
malware Rover
When Jaguar Land Rover (JLR) was hit by a major cyber-attack in September 2025, one of the first things the company’s cybersecurity leader did was to call over 30,000 staff on site to reset their passwords.
general_metric 30,000 staff
When Jaguar Land Rover (JLR) was hit by a major cyber-attack in September 2025, one of the first things the company’s cybersecurity leader did was to call over 30,000 staff on site to reset their passwords.
organisation Marks & Spencer
The cybercriminal collective was responsible for several high-profile cyber-attacks during 2025 , including ransomware attacks against retailers Marks & Spencer and The Co-op.
organisation Microsoft 365
“My first priority was that we needed to validate whether our Microsoft 365 had been compromised or not, because we need that to communicate,” he explained in a conference session titled ‘Crisis Communications – Contingency Plans to Put in Place Now.’
The former JLR cyber leader noted that if the firm had observed signs of the Microsoft 365 environment being compromised via a user account, they would not be able to use that as a communications channel.
organisation Crisis Communications
“My first priority was that we needed to validate whether our Microsoft 365 had been compromised or not, because we need that to communicate,” he explained in a conference session titled ‘Crisis Communications – Contingency Plans to Put in Place Now.’
organisation Put in Place Now
“My first priority was that we needed to validate whether our Microsoft 365 had been compromised or not, because we need that to communicate,” he explained in a conference session titled ‘Crisis Communications – Contingency Plans to Put in Place Now.’
organisation JLR
The former JLR cyber leader noted that if the firm had observed signs of the Microsoft 365 environment being compromised via a user account, they would not be able to use that as a communications channel.
organisation Microsoft
The former JLR cyber leader noted that if the firm had observed signs of the Microsoft 365 environment being compromised via a user account, they would not be able to use that as a communications channel.
organisation MFA
“Now, although identity and access management wasn’t compromised, I triggered an enterprise-wide password reset and reset everything, including multi-factor authentication (MFA), validating the identity of the human and associating their body with the ID,” Shrestha explained.
threat_actor Scattered Spider
A group linked to Scattered Spider claimed responsibility for the attack.
victims 5000 organizations
Overall, it is estimated that the JLR cyber-attack cost the national economy £1.9bn ($2.55bn) and affected over 5000 organizations in the supply chain.
‎June 3
Ashish Shrestha, CEO of Zyn Global and group CISO of Jaguar Land Rover (JLR), enforced in-person password resets following the cyber-attack.
target_region EUROPE
Speaking during Infosecurity Europe on June 3 , Ashish Shrestha CEO of Zyn Global, and group CISO of JLR at the time of the cyber incident , said that the decision was made because it was vital to ensure that the identities of the staff could be trusted post-breach and while the company responded to the incident.
Tactical Metrics
Metrics
infrastructure
‎Microsoft 365
Affected Product
“My first priority was that we needed to validate whether our Microsoft 365 had been compromised or not, because we need that to communicate,” he explained in a conference session titled ‘Crisis Communications – Contingency Plans to Put in Place Now.’
The former JLR cyber leader noted that if the firm had observed signs of the Microsoft 365 environment being compromised via a user account, they would not be able to use that as a communications channel.
Metrics
victims
5,000
Organizations
Overall, it is estimated that the JLR cyber-attack cost the national economy £1.9bn ($2.55bn) and affected over 5000 organizations in the supply chain.
Intelligence Sources
Infosecurity-Magazine 2026-06-09
Infosecurity-Magazine 2026-06-09