September 2025: Major Data Breaches and Cyber Attacks

Jaguar Land Rover cyberattack deepens, with prolonged production outage, supply chain fallout

Jaguar Land Rover (JLR), the U.K.-based automaker owned by Tata Motors, has extended production shutdowns after a cyberattack that disrupted global operations, halted manufacturing, and sent ripples across its supply chain. The company has shut down its IT networks in response to the attack. Industry sources have, in the meantime, warned that the disruption could last into November. A hacker group known for social-engineering campaigns has claimed responsibility. 

“Today we have informed colleagues, suppliers and partners that we have extended the current pause in our production until Wednesday 24th September 2025,” according to a Tuesday statement from Jaguar Land Rover. “We have taken this decision as our forensic investigation of the cyber incident continues, and as we consider the different stages of the controlled restart of our global operations, which will take time.” 

The statement added, “We are very sorry for the continued disruption this incident is causing and we will continue to update as the investigation progresses.”

Volvo Group Discloses Data Breach After Ransomware Attack on HR Supplier

Volvo Group North America has begun notifying employees and associates about a data breach that exposed their personal information, including names and Social Security numbers.

The security incident did not originate within Volvo’s own networks but was the result of a ransomware attack on one of its third-party human resources software suppliers, a company named Miljödata. The breach highlights the persistent and growing risks associated with supply chain vulnerabilities.

According to the data breach notification letter, the initial security incident targeting Miljödata occurred on August 20, 2025. The HR software provider first became aware of the ransomware attack three days later, on August 23.

It wasn’t until September 2, 2025, that Miljödata determined that data belonging to Volvo Group personnel had been compromised in the attack. Miljödata informed Volvo Group of the exposure on the same day.

Volvo has emphasized that its own internal systems were not compromised as part of this event and that the breach was contained within the environment of its supplier.

Tenable Data Breach Confirmed – Customer Contact Details Compromised

Tenable, a well-known cybersecurity company, has confirmed that it was affected by a recent large-scale data theft campaign. The attack targeted Salesforce and Salesloft Drift integrations, and Tenable was one of the organizations caught up in the incident.

The company stressed that while customer contact details were accessed, Tenable products and the data inside those products were not impacted.

According to Tenable, the breach involved unauthorized access to its Salesforce system. The exposed information included subject lines and short descriptions submitted by customers when opening support cases.

Additionally, standard business contact information, such as customer names, email addresses, phone numbers, and location details, was also accessed. At this point, the company stated there is no evidence that this information has been misused.

Wealthsimple Data Breach – User Information Leaked Online

Canadian financial technology company Wealthsimple disclosed a data security incident on September 5, 2025, revealing that personal information belonging to less than one percent of its clients was accessed without authorization.

The breach, which was detected on August 30, has prompted the company to implement enhanced security measures and offer comprehensive support to affected customers.

Wealthsimple’s security team acted quickly after discovering the incident, containing the issue within a few hours of detection.

The breach originated from a compromised software package developed by a trusted third-party vendor, which allowed unauthorized access to client data for a brief period.

  • Incident detected and contained within hours on August 30, 2025.
  • External security experts brought in for thorough investigation.
  • All client accounts remained secure throughout the incident.
  • No passwords compromised or funds accessed during breach.

Despite the security incident, the company emphasized that all client accounts remain secure and fully protected. No passwords were compromised, and crucially, no funds were accessed or stolen during the breach.

The financial platform’s core security infrastructure remained intact, ensuring that only affected clients could access their own accounts.

Cornwell Quality Tools Suffers Data Breach, 100,000 User Records Exposed

Cornwell Quality Tools, a leading automotive and industrial tool supplier, has confirmed a significant data breach that compromised the personal information of 103,782 individuals.

The cybersecurity incident occurred on December 12, 2024, when unauthorized attackers gained access to the company’s computer network, exposing sensitive customer data including names, Social Security numbers, medical information, and financial account details.

The unauthorized intrusion into Cornwell’s systems resulted in the exposure of both personally identifiable information (PII) and protected health information (PHI).

The compromised data encompassed a wide range of sensitive information that could potentially be used for identity theft and financial fraud.

The breach affected over 100,000 individuals who had their personal data stored within Cornwell’s network infrastructure.

Following the discovery of the security incident, Cornwell initiated an investigation to determine the scope and impact of the breach.

The company worked to secure its systems and assess what information was accessed during the unauthorized intrusion.

Harrods Cyberattack Exposes 430,000 Customer Records in Latest Data Breach

Luxury department store Harrods recently disclosed a data breach in which hackers stole information linked to approximately 430,000 customer records. The Harrods data breach has prompted the retailer to inform affected individuals and relevant authorities while stressing that no payment details or passwords were compromised during the incident.

According to a statement from the retailer, the Harrods data breach involved data accessed through a third-party provider, not the store’s own systems. The stolen information primarily consisted of basic personal details such as names and contact information provided by customers.

Additional data related to marketing preferences, loyalty cards, and partnerships with other companies, including Harrods’ co-branded cards, was also taken. However, the company emphasized that this information is unlikely to be correctly interpreted by unauthorized parties.

Harrods confirmed it would not engage with the threat actors behind the breach. “Our focus remains on informing and supporting our customers,” a spokesperson said. “We have informed all relevant authorities and will continue to cooperate with them.”

Intel Internal Data Breach for 270k Workers

Heads-up to my Intel and former Intel colleagues — a data breach has been discovered that exposed information on 270k workers. The good news is that the data was probably not very sensitive, as it was the internal system used to order business cards.

Other sites that were compromised were a project listing, vendor supplier, and hierarchy management site. Insights about who is working on which projects and their reporting structures could offer focused attackers information to assist with targeting people for social engineering attacks.

What is embarrassing is that the security researchers found that Intel was using hardcoded passwords to protect these sites and misconfigured encryption that was easily bypassed.

The vulnerability researcher, Eaton, followed ethical standards and reported these to Intel last year. Intel closed the vulnerabilities this year.

Qualys Confirms Data Breach – Hackers Accessed Salesforce Data in Supply Chain Attack

Qualys has confirmed it was impacted by a widespread supply chain attack that targeted the Salesloft Drift marketing platform, resulting in unauthorized access to a portion of its Salesforce data.

The breach originated from a sophisticated cyberattack campaign targeting Salesloft Drift, a third-party Software-as-a-Service (SaaS) application used by Qualys to automate sales workflows and manage marketing leads.

According to the company, the attackers successfully stole OAuth authentication tokens that connected the Drift application to Qualys’s Salesforce instance. The malicious actors then used these tokens to gain unauthorized access.

Qualys specified that the access was limited to some information within its Salesforce environment, which is primarily used for managing leads and contact information.

The company confirmed in its statement that the attack did not compromise its foundational security infrastructure. There was no impact on the Qualys production environments, including its shared and private platforms, codebase, or any customer data hosted on the Qualys Cloud Platform. Furthermore, all Qualys platforms, agents, and scanners remained fully functional with no operational disruptions.

Cyberattack hits European airports: Heathrow delays, 50% Brussels flights to be cancelled, Delhi issues advisory

Travellers across Europe faced a weekend of disruption on Friday, 19 September, after airports including London Heathrow, Berlin Brandenburg and Brussels were hit by flight delays and cancellations following a cyber-attack.

The attack, believed to be a ransomware strike on aviation IT provider Collins Aerospace, targeted its widely used check-in technology. The failure forced several airports to revert to manual systems, leaving thousands of passengers stranded, resulting in queues and backlogs. While travel has largely returned to normal, the incident underlines the importance of building cyber resilience into our critical infrastructure.

Airports, in particular, pose significant cyber risks due to their complexity and highly digitized processes. As a critical part of a nation’s infrastructure, the approach to securing them must reflect the reality that no system is entirely secure – a point acknowledged in the World Economic Forum’s report, The Cyber Resilience Compass. This means that the focus cannot solely be on preventing attacks. It is equally vital to build resilience to ensure that when attacks do happen, their impact is minimized and critical services are maintained. This dual approach is crucial for safeguarding passenger safety, maintaining public trust and enabling long-term growth.

