Attacks cause knock-on supply chain impacts

Earlier this month, Jaguar Land Rover (JLR) reported a cyber-attack that forced the company to shut down its IT systems and network to mitigate the impacts. Manufacturing plants in Merseyside and Solihull subsequently closed; employees were instructed not to come to work. While currently unconfirmed, cyber gang Scattered Lapsus$ Hunters, previously linked to the M&S cyber incident, have claimed responsibility for the attack.

As JLR’s IT and network systems remain offline, its largely automated manufacturing operations also remain suspended. Production suspensions are expected to be lifted in the coming days. The company suggested that the process of restarting their systems has presented challenges and noted there is a possibility some data was compromised.

While the estimated loss for JLR is around £100m, the disruption and loss extends beyond the company itself. Small and medium-sized suppliers to the business are also experiencing disruption, with industry experts anticipating potential bankruptcies and job losses.

Several unions urged the government to consider setting up support schemes to help protect jobs, and it subsequently backed a £1.5bn loan to JLR to keep things running. Although specific information regarding the nature of the attack has not yet been disclosed, it has been reported that JLR is working with the National Cyber Security Centre (NCSC) to investigate the incident.

Last week, Heathrow Airport and several other European airports were experiencing delays resulting from a suspected cyber-attack that affected an electronic check-in and baggage system. Emerging reports have confirmed that Muse, a check-in software developed by Collins Aerospace, was the target of a ransomware attack.

While the software provider attempted to rebuild and relaunch its systems, it later found that the hackers remained within the network. The provider is currently collaborating with law enforcement to address the issue, and recovery efforts are largely being carried out manually.

In the meantime, several European airports continue to experience delays and disruptions. Brussels Airport, for example, cancelled 140 out of 276 scheduled flights on one day, and Heathrow is using manual procedures for boarding and check-in as recovery efforts continue.

Cyber gangs targeting personal data

Scattered Spider has also been associated with a cyber-attack on the Legal Aid Agency earlier this year. This incident is believed to have involved an affiliated group identified as the Shiny Hunters.

Reports indicate that the personal information of thousands of individuals who applied for legal aid between 2007 and 2025 was compromised during this attack. Although the attack occurred in April, the agency continues to experience disruption. Restoration of its online systems is anticipated to begin at the end of this month.

Shiny Hunters were also connected to a hack this month involving Kering, the parent company of brands such as Balenciaga, Gucci, and Alexander McQueen. Members of the cyber group apparently gained temporary access to systems and obtained personal data, including names, email addresses, phone numbers, and information on customer spending for approximately seven million individuals. There is concern that spending information could potentially be used to identify high-value customers who may be targeted in subsequent scams or hacks.

The National Crime Agency (NCA) reported earlier this year that there was an increase in threat from UK-based cyber-gangs. Investigations into these groups are ongoing, and recent efforts include the arrest of two individuals linked to Scattered Spider, who were responsible for the cyber-attack on Transport for London last year that resulted in significant disruption and damages exceeding £39m.

It is important to remain vigilant and be cautious when engaging with potentially suspicious messages or communications. Guidance published by the NCSC covers more on what to do to stay safe in the event of a breach of your personal data.

Hacking fever spreading

Last month, a cyber-attack targeted Single Central Record, a software provider used by schools in the maintenance of staff records. As a result of this, personal data such as names, addresses, phone numbers, national insurance details, and passport information of staff members were compromised. The incident has left many teachers concerned, prompting them to seek compensation from their schools and reimbursement for expenses in replacing passports.

Although schools are no less likely to be targeted by cyber-attacks than any other organisation, recent reports indicate that the most significant risk to schools often originates from their own students using hacking tools and techniques available online to compromise security protocols and passwords. The Information Commissioner's Office has highlighted that insider threats are not fully understood or considered a risk, noting that students represent a substantial risk for more severe internal security breaches.

Malicious use of AI

We have frequently covered AI’s role in cyber security and crime. Last month, Anthropic, the company that owns the AI chatbot Claude, disclosed an incident where the chatbot was used by malicious actors to automate various stages of a cyber attack. The attackers used the chatbot to generate code enabling unauthorised access to sensitive data, the conduct of research on targeted organisations, and the composition of personalised ransom emails. This incident, which has been described as ‘vibe-hacking’ by Anthropic, reportedly affected around 17 organisations.

OpenAI also found that, during safety tests performed collaboratively with Anthropic involving extreme misuse scenarios, ChatGPT 4.0 and 4.1 provided researchers with detailed instructions on illicit activities, such as targeting sports venues with bombs and creating illegal substances. The organisations developing these models recognise the potential for their use in malicious contexts. As a result, such testing is part of ongoing efforts to enhance the models' resistance to misuse.

At the start of September, NCSC released guidance exploring safeguard bypasses that can help developers and those implementing AI systems prevent these systems from generating harmful outputs or actions.

Cybersecurity Awareness Month

ICAEW is gearing up for Cyber Security Awareness Month in October, to equip members with the knowledge and resources they need to stay safe and secure in a digital world.

As part of this campaign, look out for our free Annual Cyber Lecture which will be held in Chartered Accountants’ Hall on Monday 6 October. The lecture will feature experts from the Department for Science, Innovation and Technology and the NCSC who will share practical insights on how to recover from ransomware attacks, as well as the recent legislative proposals on this.

We will also be updating our Cyber Security Awareness hub with the latest stories and resources throughout the month. In the meantime, you can also sign up to webinars on:

• cyber security essentials, and
• cyber risk strategies for business leaders.