Infosecurity Europe: Why JLR’s CISO Enforced In-Person Password Resets

Staff Editor 2026-06-09
Infosecurity Europe: Why JLR’s CISO Enforced In-Person Password Resets

Infosecurity Europe: Why JLR’s CISO Enforced In-Person Password Resets

https://www.infosecurity-magazine.com/news/jlr-cyberattack-ciso-inperson/

Publish Date: 2026-06-09 05:00:00

Source Domain: www.infosecurity-magazine.com

When Jaguar Land Rover (JLR) was hit by a major cyber-attack in September 2025, one of the first things the company’s cybersecurity leader did was to call over 30,000 staff on site to reset their passwords.

Speaking during Infosecurity Europe on June 3, Ashish Shrestha CEO of Zyn Global, and group CISO of JLR at the time of the cyber incident, said that the decision was made because it was vital to ensure that the identities of the staff could be trusted post-breach and while the company responded to the incident.

“My first priority was that we needed to validate whether our Microsoft 365 had been compromised or not, because we need that to communicate,” he explained in a conference session titled ‘Crisis Communications – Contingency Plans to Put in Place Now.’

The former JLR cyber leader noted that if the firm had observed signs of the Microsoft 365 environment being compromised via a user account, they would not be able to use that as a communications channel. 

Therefore, to verify that all users were who they said they were and that that everyone could be trusted in online communications, JLR required every member of staff to reset their password – and do it in person.

“One of the first and foremost things was we did an enterprise-wide password reset for 30,000 people. And we asked every individual to come on site to do it,” Shrestha said.

Trust and Verification Post Cyber-Attack

The justification for this, he explained, was that while there wasn’t any sign of an overall compromise of usernames and passwords, he wanted to be sure that every single user could be trusted before moving forward.

The way to be sure of that was by requiring staff to make the change in person.

If done remotely, there was the potential risk that an attacker could change the password of a compromised account, should they have control of it.

“Now, although identity and access management wasn’t compromised, I triggered an enterprise-wide password reset…

Source

More Stories

When Burnout Becomes a Cybersecurity Control Failure

When Burnout Becomes a Cybersecurity Control Failure

Staff Editor 2026-06-09
Anthropic’s new model is Mythos on a leash

Anthropic’s new model is Mythos on a leash

Staff Editor 2026-06-09
Anthropic rolls out public version of Mythos without cybersecurity capability

Anthropic rolls out public version of Mythos without cybersecurity capability

Staff Editor 2026-06-09

Terms and Conditions - Privacy Policy