Jaguar Land Rover CISO Mandated In-Person Password Resets After Major Cyber-Attack
Jaguar Land Rover's former CISO required over 30,000 employees to reset passwords in person following a significant cyber-attack that crippled operations and cost the UK economy billions.
Jaguar Land Rover (JLR) implemented an extraordinary security measure following a major cyber-attack in September 2025: mandating that all 30,000 employees reset their passwords in person. Ashish Shrestha, JLR's CISO at the time and now CEO of Zyn Global, revealed this drastic step at Infosecurity Europe, emphasizing the critical need to verify employee identities and trust in communication channels post-breach.
Shrestha explained that the primary concern was the integrity of JLR's Microsoft 365 environment, which is vital for internal and external communications. If this platform had been compromised through user accounts, the company would have lost its ability to communicate effectively during the crisis. The in-person reset was designed to ensure that every user's identity could be trusted before proceeding with recovery and operational resumption.
The decision stemmed from a desire for absolute certainty regarding user credentials. While there were no immediate signs of a widespread compromise of usernames and passwords, Shrestha opted for a comprehensive, hands-on approach. Requiring employees to physically come to the office to reset their passwords served as a robust verification method, mitigating the risk of an attacker remotely changing a compromised account's password.
"Although identity and access management wasn’t compromised, I triggered an enterprise-wide password reset and reset everything, including multi-factor authentication (MFA), validating the identity of the human and associating their body with the ID," Shrestha stated. This process aimed to re-establish a trusted baseline of user access and prevent any lingering unauthorized access.
The cyber-attack had a devastating impact on JLR, halting production and sales operations for weeks. In the months following the incident, the automotive manufacturer experienced a significant crash in sales. The financial repercussions were immense, with estimates suggesting the attack cost the UK economy approximately £1.9 billion ($2.55 billion) and affected over 5,000 organizations within its supply chain, making it one of the costliest cyber-attacks recorded in the UK.
Responsibility for the attack was claimed by a group linked to Scattered Spider, a cybercriminal collective known for orchestrating several high-profile attacks in 2025, including ransomware incidents targeting major retailers like Marks & Spencer and The Co-op. The group's involvement underscores the sophisticated and disruptive capabilities of modern cyber threat actors.
Shrestha's account highlights the extreme measures security leaders may need to consider during severe cyber incidents. The emphasis on physical verification for password resets, while logistically challenging for a large workforce, underscores a commitment to rebuilding trust and ensuring operational security when faced with sophisticated threats.
The incident serves as a stark reminder of the cascading effects of major cyber-attacks, not only on direct victims but also on their extensive supply chains and the broader national economy. JLR's experience emphasizes the critical importance of robust incident response plans and the potential need for unconventional security protocols in the face of significant breaches.