From Cars to Chaos: Jaguar Land Rover Cyber Fallout

This week on The Awareness Angle:

  • UK background checker APCS suffers a breach, exposing passports and driving licences used for DBS checks
  • ShinyHunters claim 1.5 billion Salesforce records stolen, hitting more than 760 companies including Google and Cloudflare
  • Jaguar Land Rover halts production after a cyberattack, leaving suppliers and workers facing weeks without pay
  • Plus: Apple patches ancient iPhones, teenagers in hoodies charged over the TfL hack, and an AI comedy sketch that skewers vendor buzzwords in the extras

 Listen on your favourite podcast platform - Spotify, Apple Podcasts and YouTube


Cyber Security Awareness Month videos with Hoxhunt

We’ve teamed up with Hoxhunt again this year to create a series of short, snappy videos for Cyber Security Awareness Month. Each one is just one to two minutes long and covers social engineering in messaging apps, the psychology behind social engineering, how AI is powering spear phishing, and how to spot deepfakes. They’re quick, practical, and perfect for sharing with your colleagues, friends, or family. You can grab them directly from the Hoxhunt toolkit, and there are unbranded versions if you’d like to use them in your own awareness programmes.

Get the toolkit here - https://hoxhunt.com/cybersecurity-awareness-month-toolkit-2025

This week's stories...

APCS Data Breach Exposes Sensitive Identity Documents

Watch the discussion - https://youtu.be/CYJR7Oq6H7E?t=300

UK criminal background checking firm APCS has confirmed a data breach after its software supplier, Intradev, was attacked. The incident may have exposed highly sensitive documents such as passports, driving licences, and National Insurance numbers, all tied to DBS checks for people working with children, vulnerable adults, or in financial services. APCS works with more than 19,000 organisations, though the true scale of those affected is still unclear.

The BBC initially reported the breach as limited to Guernsey, which is why we didn't report on it, but reports now suggest the impact is wider. It underlines just how fragile the chain of trust can be when it comes to third-party providers. Submitting identity documents has become routine for everything from job applications to volunteering, yet once those documents are out of our hands, control over where they end up is often lost.

There are also broader concerns about government policy. With online safety rules requiring citizens to provide ID to access certain services, breaches like this raise hard questions about how that data is protected, and what happens when it isn’t.

Read more - https://www.theregister.com/2025/08/22/apcs_breach/

∠The Awareness Angle

  • Third-party weakness – A supplier compromise opened the door, showing how fragile the chain really is.
  • Highly sensitive data – This isn’t just email addresses. We’re talking identity documents that criminals can use for fraud.
  • Government oversight – The UK’s online safety rules now force people to submit ID to access sites, yet breaches like this raise serious questions about where that data ends up.

      ShinyHunters Claim 1.5 Billion Salesforce Records Stolen

      Watch the discussion - https://youtu.be/CYJR7Oq6H7E?t=790

      The ShinyHunters group claim to have stolen 1.5 billion Salesforce records from more than 760 companies. The way in was through OAuth tokens linked to Salesloft Drift, after secrets were discovered in GitHub repos earlier this year. From there, attackers were able to siphon huge amounts of Salesforce data.

      Big names are caught up in this - Google, Cloudflare, Tenable, Palo Alto. Even companies whose whole business is security. And the exposure goes well beyond simple contact details. Salesforce support cases often contain credentials, AWS keys, and sensitive internal system notes, the sort of data that attackers can immediately put to use.

      One detail that stands out is the attackers’ use of TruffleHog, a legitimate security tool, to scan for secrets. It’s a reminder that the same tools used for defence are also available to attackers, and nothing is stopping them from turning those tools against us.

      Read more - https://www.bleepingcomputer.com/news/security/shinyhunters-claims-15-billion-salesforce-records-stolen-in-drift-hacks/

      ∠The Awareness Angle

      • Supply chain cascade – A GitHub leak became a mass data theft campaign.

      • Tokens as gold – OAuth tokens can be as valuable as passwords, sometimes more.

      • No one’s immune – If Cloudflare and Palo Alto are in the list, anyone can be.

        Jaguar Land Rover Cyberattack Halts Production

        Watch the discussion - https://youtu.be/CYJR7Oq6H7E?t=1292

        Jaguar Land Rover (JLR) is still struggling to recover from a cyberattack that has forced it to shut down IT systems and halt production at all UK factories. What started on September 1st, one of the busiest sales days of the year for new cars, has stretched into weeks of disruption, with some industry sources warning operations may not be fully restored until November. The outage is costing JLR millions per day and threatening billions in lost revenue if delays continue.

        The impact is hitting far beyond JLR itself. Hundreds of smaller suppliers depend on the manufacturer, and many are already laying off staff or asking workers to apply for universal credit. For some, JLR is their only customer, and without production lines running, their survival is uncertain. Unite, the workers’ union, has described the situation as a crisis for thousands across the supply chain.

        Researchers have linked the attack to groups associated with Scattered Spider, Lapsus$, and ShinyHunters. It's the same playbook seen in previous attacks on MGM, Marks & Spencer, and others. What makes this case stand out is the human and economic fallout. Unlike a website outage, shutting down factories means machines stop, staff have nothing to do, and entire supply chains grind to a halt.

        Read more - https://industrialcyber.co/manufacturing/jaguar-land-rover-cyberattack-deepens-with-prolonged-production-outage-supply-chain-fallout/

        ∠The Awareness Angle

        • Operational tech disruption – Cyber incidents can literally turn off the production line.

        • Supply chain fragility – Smaller suppliers with no financial buffer are left most exposed.

        • Wider economic fallout – Thousands of jobs and billions in revenue are at risk when a major manufacturer goes offline.

            ICO Jumps on TikTok During JLR Fallout

            Watch the discussion - https://youtu.be/CYJR7Oq6H7E?t=1621

            One unexpected twist from the Jaguar Land Rover incident was the Information Commissioner’s Office (ICO) turning up on TikTok to talk about it. The video itself was as low-fi as it gets. Someone sat in a car with a handheld mic, no backdrop, no branding, just a quick message recorded in the same style as any other TikTok clip on your feed.

            It might look rough, but that’s the point. Rather than trying to polish a corporate video, the ICO blended into the platform’s style and spoke directly to the audience where they already spend their time. For a regulator often seen as distant and formal, this is a bold move into relatable, human messaging.

            Read more - https://www.tiktok.com/@informationcommissioner/video/7551817307400703234?_t=ZN-8zrd9gQta8Q&_r=1

            ∠The Awareness Angle

            • Meet people where they are – TikTok might not feel like a regulator’s natural home, but that’s exactly why it works.

            • Style over polish – Content that looks like the rest of the feed can land better than something overproduced.


            • A lesson for awareness pros – Security messages don’t need a glossy studio; sometimes simple is more effective.

                  Do you have something you would like us to talk about? Are you struggling to solve a problem, or have you had an awesome success? Reply to this email telling us your story, and we might cover it in the next episode!

                  Awareness Awareness

                  CyberSecure Leeds
                  This Wednesday, 24 September, KnowBe4 are hosting CyberSecure Leeds 2025: When AI Strikes, Humans Defend as part of Leeds Digital Festival. Ant will be on a panel with Javad Malik, Jack Chapman, and James Dyer, discussing AI-driven threats, building resilience, and reducing phishing risk. If you’re in the north of England, it’s a great opportunity to join the conversation.

                  More information at https://leedsdigitalfestival.org/events/cybersecure-leeds-2025-when-ai-strikes-humans-defend/

                  HuFiCon agenda now live
                  SoSafe’s Human Firewall Conference takes place in Cologne this November and the agenda has just been published. Ant will be attending the two-day event, which focuses on human risk and security culture, and features some excellent speakers. If you’re heading out too, let him know; it’s always good to connect. If you are located in Europe, it should be pretty affordable!

                  More information at https://humanfirewallconference.com/

                        This Week's Discussion Points...


                         News

                        Criminal background checker APCS faces data breach

                        ShinyHunters claims 1.5 billion Salesforce records stolen in Drift hacks

                        Self-propagating supply chain attack hits 187 npm packages

                        Jaguar Land Rover cyberattack deepens, with prolonged production outage, supply chain fallout

                        Apple backports zero-day patches to older iPhones and iPads

                        Fake Empire Podcast invites target crypto industry with macOS AMOS Stealer

                        Teenagers charged over Transport for London cyber attack

                        New attack on ChatGPT research agent pilfers secrets from Gmail inboxes

                        As Ellison Buys Out TikTok, US Moves Toward One-Party Media

                         Extras

                        CyberSecure Leeds 2025 – Leeds Digital Festival panel with Ant

                        HuFiCon agenda now live

                        AI comedy sketch poking fun at vendor buzzwords

                        Phil AI image edit demo: Trump & Starmer “kiss”


                         Subscribe to the Newsletter

                        https://www.riskycreative.com

                           

                          Thanks for reading! If you’ve spotted something interesting in the world of cyber this week — a breach, a tool, or just something a bit weird — let us know at hello@riskycreative.com. We’re always learning, and your input helps shape future episodes.

                          And finally…Most vendors now

                          We spotted something on LinkedIn this week that shows just how easy AI manipulation has become. Adversarial Physical Security Specialist, Phil Smith, took a photo of Donald Trump and Keir Starmer together and, with a single prompt, altered it so the two looked like they were about to kiss. The results were both bizarre and a little unsettling.

                          It’s a light-hearted example, but it highlights a serious issue: deepfakes don’t need Hollywood budgets anymore. Anyone with a free tool can now create realistic, or at least believable, images that change context and meaning entirely. What happens when the subject isn’t comedy, but politics, finance, or even your own executives?

                          Moments like this are a useful reminder to challenge what we see online, especially as manipulated media keeps getting easier to make and harder to spot.

                          Watch - https://www.linkedin.com/posts/phil-smith-554462255_i-had-to-see-this-now-you-can-too-ugcPost-7374794135070744576-Tlko/

                          If you need to undo the nightmare fuel, here's a little something.

                          ∠The Awareness Angle

                          • Deepfakes on demand – Simple AI prompts can now twist real photos into convincing but false images, showing how easy it is to manipulate context.

                          • From comedy to concern – While this one was light-hearted, the same tech could be used to create fake press conferences, financial announcements, or damaging rumours.
                          • Pause before you share – If an image or video feels odd, double-check the source before passing it on. Not everything that looks real online actually is.
