What Bajaj Auto ransomware attack says about cyber security risks for Indian automakers

Bajaj Auto Ltd, the country’s most valuable two-wheeler maker, on Tuesday informed stock exchanges of a cyber security incident that involved a ransomware attack.

“A cyber security incident has occurred that involve a ransomware attack impacting the systems of Bajaj Auto Limited (“the Company”) and its wholly owned subsidiary, viz. Bajaj Auto Technology Limited (“BATL”),” the Pune-based two-wheeler maker said in a regulatory filing.

“Immediately upon becoming aware of the incident, the technical team of the company along with cyber security experts and the management responded promptly and initiated necessary precautionary actions and protocols to mitigate the impact of this incident and this has been successful based on the available information at this time,” the statement said.

“This disclosure is being made as a matter of good governance. The said incident occurred on 23 June 2026 at around 08:00 a.m. (IST) and has been intimated to CERT-In in terms of the Information Technology Act, 2000,” it added.

The ransomware attack comes nine months after Tata Motors Passenger Vehicles’ British subsidiary Jaguar Land Rover faced a cyberattack that halted production at its plants in the United Kingdom and Slovakia for over a month. The cyberattack cost JLR about 50,000 units in terms of production shutdown loss. Direct costs related to the September cyberattack stood at £260 million.

Bajaj Auto has yet to clarify if the cyber incident has impacted production at its plants. It is unknown yet whether the company had cybersecurity insurance.

In the case of JLR, the absence of cybersecurity insurance cost the luxury carmaker dearly. Tata Motors Passenger Vehicles, in its Integrated Annual Report 2025-26, warned that "cybersecurity risks remain elevated, as malicious actors continue to target all types of organisations and cause disruption, as we experienced in 2025."