Following a significant cyberattack in September 2025, Jaguar Land Rover (JLR) took swift and decisive action to secure its digital infrastructure and prevent further damage. The attack, which reportedly resulted in a data breach, was later claimed by the notorious cybercriminal group known as Scattered Spider. As details of the incident continue to emerge, it has been revealed that JLR’s leadership implemented an unusual but strategic security measure immediately after the breach was detected.
Speaking at Infosecurity Europe, JLR’s former Chief Information Security Officer (CISO), Ashish Shrestha, disclosed that he instructed all 30,000 employees across the organization to appear in person and reset their passwords. The directive was issued shortly after the company became aware of the cyberattack and was part of a broader effort to contain the threat and protect critical business systems.
According to Shrestha, the decision was driven by concerns that employee credentials, particularly those linked to Microsoft 365 accounts, may have been compromised during the attack. Microsoft 365 served as one of the company’s most important communication and collaboration platforms, making it essential to ensure that unauthorized individuals could not gain access to employee accounts during the crisis.
The requirement for employees to physically present themselves before resetting their passwords was not merely a precautionary step; it was a deliberate security measure designed to verify each employee’s identity. By conducting the password reset process in person, Jaguar Land Rover‘s security team could confirm that requests were being made by legitimate staff members rather than attackers attempting to exploit stolen credentials.
Cybersecurity experts often emphasize that identity verification becomes especially critical following a breach involving potential credential theft. In many incidents, attackers use compromised usernames and passwords to move laterally within an organization’s network, access sensitive information, or launch additional attacks. By requiring face-to-face authentication, JLR significantly reduced the risk of threat actors retaining access to company systems.
While coordinating password resets for 30,000 employees posed a major logistical challenge, the move highlighted the company’s commitment to prioritizing security over convenience. The approach ensured that every employee’s account was reviewed and re-secured through a controlled process, helping restore trust in the organization’s internal systems.
The incident serves as a reminder of the growing sophistication of modern cyber threats and the importance of rapid, decisive responses following a security breach. JLR’s decision to implement in-person password resets demonstrates how organizations may need to adopt extraordinary measures when protecting critical systems and maintaining business continuity during a cybersecurity crisis.
Join our LinkedIn group Information Security Community!
