JLR CISO Mandates In-Person Password Resets After Cyber-Attack

"My first priority was that we needed to validate whether our Microsoft 365 had been compromised or not, because we need that to communicate," Ashish Shrestha told an Infosecurity Europe audience on June 3, 2026.

Ashish Shrestha ordered an enterprise-wide, in-person password reset for 30,000 staff

Shrestha, now CEO of Zyn Global and the group CISO of Jaguar Land Rover (JLR) at the time of the incident, described one of his first operational choices after the September 2025 cyber-attack: an enterprise-wide password reset that required every employee to come on site. "One of the first and foremost things was we did an enterprise-wide password reset for 30,000 people. And we asked every individual to come on site to do it," he said during a conference session titled "Crisis Communications – Contingency Plans to Put in Place Now."

Why Microsoft 365 verification was central to the response

Shrestha framed the decision around the need to know whether the company's Microsoft 365 environment had been compromised. He explained that Microsoft 365 was the critical communications channel the organization needed to coordinate its response. If the Microsoft 365 environment had been compromised via a user account, it could not be relied upon to relay trustworthy instructions or updates, so identity validation took priority.

Resetting MFA and "associating their body with the ID" — what in-person meant

Beyond resetting passwords, Shrestha said the effort extended to multi-factor authentication (MFA). He told the audience he had "reset everything, including multi-factor authentication (MFA), validating the identity of the human and associating their body with the ID." The emphasis was on physical, human verification rather than remote resets, which Shrestha argued carried the risk that an attacker with control of an account could make a remote change.

Operational disruption: production halted, sales collapsed, and a £1.9bn economic hit

JLR's cyber-attack had immediate operational effects: production and sales operations were halted for weeks. In the months that followed, the company’s sales fell sharply. The incident’s fallout extended beyond the company itself: it was described as the costliest cyber-attack to hit the UK, with an estimated impact on the national economy of £1.9bn ($2.55bn) and more than 5,000 organizations affected across the supply chain.

Scattered Spider-linked group claimed responsibility and had other high-profile targets in 2025

A group linked to Scattered Spider claimed responsibility for the attack on JLR. According to Shrestha’s briefing at Infosecurity Europe, the same criminal collective was tied to several high-profile cyber-attacks during 2025, including ransomware attacks against the retailers Marks & Spencer and The Co-op.

What this means for technologists, affected enterprises, and policymakers

  • Technologists and security teams: The JLR case foregrounds identity validation as a crisis priority; Shrestha’s insistence on in-person resets and re-enrollment of MFA highlights one operational choice for restoring trusted communications when identity systems are suspect.
  • Affected enterprises and procurement leaders: The disruption reached beyond JLR—over 5,000 supply-chain organizations were affected—underlining how a single incident can cascade into production stoppages and sales collapse for suppliers and partners.
  • Policymakers and economic planners: With the incident estimated to have cost the national economy £1.9bn, the attack registered as the costliest cyber-attack to hit the UK and will likely shape conversations about resilience, critical-sector continuity, and the economic stakes of large-scale compromises.

The JLR response offers a stark example of an executive decision that traded convenience for certainty: a large, disruptive, and costly in-person operation designed to re-establish trustworthy human identities for corporate communications. The exercise underlined what Shrestha called a single operational imperative in the immediate aftermath of the breach — to be able to communicate through a channel the organization trusted to be intact — even as production, sales, and thousands of partners felt the wider consequences.

Original story on Infosecurity Magazine