Over the past few months, we’ve witnessed two major cybersecurity incidents: first at CDK Global, and more recently, at Jaguar Land Rover (JLR). Close inspection reveals something critical: cyberattacks are no longer limited to stolen passwords or locked-up files, particularly in industrial and manufacturing settings. Because they impact entire supply chains, they now disrupt the very infrastructure of daily life.

We’ve entered an era where attacks on operational technology (OT) - the physical systems that power our industries - are just as common, and just as dangerous, as those on traditional IT systems.

Let’s unpack what happened, why it matters to everyone (not just the companies involved), and what steps we can all take as individuals, organizations, and policymakers to build a more resilient future.


The Unfolding Jaguar Land Rover Incident

In late August 2025, Jaguar Land Rover (JLR), one of the world’s better-known luxury car manufacturers, experienced a serious cyberattack that led to a partial shutdown of its global operations. The company confirmed that it detected the breach last Sunday and took swift action: it shut down many of its systems to prevent further damage.

That decision, while it made sense from a containment standpoint, triggered a cascade of operational disruptions:

  • Production and logistics halted across several UK facilities, including major hubs like Solihull, Halewood, and Wolverhampton.
  • Vehicle parts ordering, diagnostics, and registration systems were offline, leaving garages and dealerships unable to service or deliver vehicles.
  • Employees were asked to stay home, as core systems required for daily operations remained inaccessible. Many are still home as I write this.
  • MOT tests and repairs were delayed due to the unavailability of parts and diagnostics.

While customer or employee data breaches have yet to be publicly confirmed, the operational impact is severe. Interestingly, it all stemmed from a breach targeting the systems that sit behind the scenes: the ones that keep factories running, parts moving, and services operating.

The group allegedly behind the attack claimed responsibility under the name Scattered LAPSUS$ Hunters, a collective allegedly made up of people linked to well-known hacker networks like Scattered Spider, LAPSUS$, and ShinyHunters. Whether this attribution holds up remains to be seen, but the method and impact follow a familiar pattern we’ve seen before.


The CDK Global Attack: A Warning Ignored?

Just a year earlier, CDK Global — a software provider used by over 15,000 automotive dealerships in North America — fell victim to a similar ransomware-style attack. The breach shut down its dealer management systems, affecting functions like:

  • Inventory tracking
  • Loan and lease processing
  • Vehicle registration
  • Customer service operations

Dealers were forced to revert to pen-and-paper systems. Service centers couldn’t check customer histories. Cars couldn’t be registered or delivered. CDK’s own efforts to recover were hit by a second attack, and ultimately, the company paid a reported $25 million ransom to regain control.

Thousands of businesses around the world were left in limbo for weeks, with many unable to serve customers or process transactions. Several dealerships have since filed lawsuits, and the incident continues to affect trust across the automotive sector.


The Bigger Picture: what’s really at risk?

These two cases highlight a shift in the threat landscape:

  • IT systems (like email, databases, customer records) have long been targets for hackers.
  • But OT systems - the technologies that physically make things happen (like robotic arms on factory floors, digital diagnostic tools, and automated supply chains) - are now just as vulnerable.

Once these systems are compromised, the damage spreads far beyond just information theft. Entire business operations can grind to a halt. Critical services can be delayed or denied. Workers can be sent home. Customers can’t get what they paid for.

And because OT systems are often deeply integrated with IT systems (especially in modern, automated environments), protecting just the front office isn’t enough anymore.


Why breaches like these affect all of us as consumers

You might be wondering:

“I don’t work in manufacturing. Why does this matter to me?”

Here’s why:

  • Public transportation systems rely on OT — from scheduling systems to ticket scanners to the buses themselves.
  • Smart buildings and offices use OT — including access card systems, elevators, HVAC controls, and even lighting.
  • Healthcare equipment, logistics services, and energy grids are all powered by OT.

That means a cyberattack doesn’t just affect "companies." It affects your ability to commute, receive medical care, enter your workplace, or heat your home.

These incidents are not edge cases. They are a sign of what’s increasingly possible — and, without intervention, likely.


What organizations need to do

  1. Invest in OT-specific security strategies
    Traditional cybersecurity focused on data and networks. Now, companies must expand protections to include sensors, actuators, controllers, and industrial systems — all of which can be entry points for attackers.
  2. Segment IT and OT networks
    A breach in one system shouldn’t mean total system failure. Clear boundaries and layered access controls can help contain the spread of an attack.
  3. Plan for failure
    Business continuity plans must assume that critical systems will go offline. Have manual backup processes and contingency operations ready.
  4. Educate employees across the organization
    From factory floor to executive suite, everyone needs to understand the basics of phishing, device hygiene, and escalation protocols.
  5. Work with trusted third parties
    External audits, managed detection and response services, and OT-specialized consultants can make a real difference — especially for smaller organizations without in-house capabilities.

What we can do as individuals

Whether you're a commuter, employee, or smart-home user, there are simple steps you can take:

  • Be patient but vocal
    When service disruptions happen, ask for clear information. Hold companies accountable for transparency. Contact your Privacy Commissioner, industry regulators or corporate leaders.
  • Understand what depends on technology
    Know that your office badge, parking system, or even elevator might rely on cloud-based systems vulnerable to attack.
  • Update your own systems regularly
    Smart home devices, routers, and phones all need regular updates. Make it a habit, not an afterthought.
  • Don’t ignore the signs
    If something behaves strangely, like a card reader failure or a thermostat reset, it could be an early sign of broader issues. Report it, don't ignore it.
  • Support policies that fund cybersecurity
    Advocate for legislation that supports better infrastructure protections — in public services, healthcare, energy, and transport.

A Deeper Dive

As part of my ongoing work on cybersecurity in critical infrastructure, I’ve published a research paper on the Power Transmission and Motion Control (PTMC) sector, which you can download at www.Popa.ca/PTMC

This field covers the vital mechanical systems that make factories, energy plants, and vehicles run. All of them have already become high-value targets for organized cybercriminals.

As we saw in the two major breaches discussed earlier, understanding how these systems work (and fail to work) is essential for building resilience into safer corporate ecosystems.


Takeaways

We are living through a period where the physical and digital worlds are becoming inseparable. What was once a hacker’s fantasy of shutting down an entire supply chain with a few lines of code is now a recurring reality, due in part to the corporate world's ignorance about operational technology security.

But with this increased risk comes an opportunity. We can design systems to be safer. We can train business managers to understand vendor risk and supply chain cybersecurity. And we can demand better accountability from the companies and service providers we rely on.

Supply chain cybersecurity and operational technology are no longer niche issues. They are everyday issues for all organizations of a certain size. And they all impact us on some level.