JLR strengthens security measures after cyberattack, mandates in-person password resets

JLR enforces in-person password verification after major cyberattack

In a significant cybersecurity response, Jaguar Land Rover (JLR) required all 30,000 employees to reset their passwords in person following a cyberattack that raised concerns about compromised staff credentials.

The security incident, detected in September 2025 and later claimed by the cybercriminal group Scattered Spider, prompted the company to take immediate steps to secure access to its critical systems. The move was revealed by former JLR Chief Information Security Officer Ashish Shrestha during a cybersecurity event.

According to Shrestha, the company was particularly concerned that employee login credentials may have been exposed during the breach, creating the risk of unauthorized access to internal systems and business platforms. Microsoft 365, a key communication and collaboration platform across the organization, was among the systems requiring additional protection.

Rather than permitting remote password resets, JLR introduced a strict identity verification process. Employees were required to appear in person and verify their identity before receiving new access credentials.

The company adopted this approach to ensure that password reset requests were made only by legitimate employees and not by cybercriminals attempting to exploit stolen usernames and passwords.

Cybersecurity experts have consistently identified compromised credentials as one of the most common methods used by attackers to infiltrate corporate networks after a security breach. By implementing face-to-face verification, JLR aimed to prevent threat actors from retaining access to company systems during the recovery phase.

The mandatory password reset initiative formed part of a broader containment strategy focused on protecting digital infrastructure, securing employee accounts, and reducing the risk of further unauthorized access following the cyberattack.
