Bajaj Auto hit by ransomware attack on its IT systems

On 23 June 2026, Bajaj Auto — one of India's largest motorcycle and three-wheeler manufacturers — disclosed that it had been hit by a ransomware attack affecting its information-technology systems. The company said the intrusion was detected at around 08:00 IST and that it impacted systems at both Bajaj Auto Limited and its wholly owned technology subsidiary, Bajaj Auto Technology Limited (BATL).

What happened

Upon detecting the activity, Bajaj Auto's internal technical teams — working alongside external cybersecurity specialists and senior management — moved to contain and neutralise the threat, activating incident-response procedures and precautionary measures to limit the spread of the ransomware. The company stated that, based on the information available at the time, its mitigation efforts had been successful and that systems were being restored.

Bajaj Auto did not name a ransomware group or attribute the attack to any specific threat actor, and as of disclosure it had not confirmed whether any data was accessed or exfiltrated, nor detailed which specific systems were affected.

Regulatory response

The company notified the Indian Computer Emergency Response Team (CERT-In) of the incident under the applicable provisions of the Information Technology Act, 2000, and disclosed the matter to investors under Regulation 30 of the SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015, the framework that requires listed Indian firms to report material events.

Impact

Bajaj Auto did not quantify the operational disruption or confirm whether manufacturing, supply chains, or business continuity were materially affected. The incident nonetheless underscored the growing exposure of large Indian manufacturers to ransomware, coming amid a wave of extortion campaigns targeting industrial and automotive supply chains.

Timeline

June 23, 2026

Bajaj Auto detects a ransomware intrusion at approximately 08:00 IST affecting its systems and those of its technology subsidiary, and activates containment protocols.

June 24, 2026

The company confirms the incident publicly, reports it to CERT-In and discloses it to investors under SEBI listing rules, stating mitigation has been successful.

Sources

cybersecuritynews.comhttps://cybersecuritynews.com/bajaj-ransomware-attack/

securityboulevard.comhttps://securityboulevard.com/2026/06/bajaj-auto-confirms-systems-affected-by-ransomware-attack/

medianama.comhttps://www.medianama.com/2026/06/223-bajaj-auto-systems-hit-by-ransomware/

businesstoday.inhttps://www.businesstoday.in/auto/story/what-bajaj-auto-ransomware-attack-says-about-cyber-security-risks-for-indian-automakers-538956-2026-06-24

moneylife.inhttps://moneylife.in/article/bajaj-auto-hit-by-ransomware-attack/80873.html

Related incidents

RansomwareContainedJune 18, 2026

Cherry Health discloses data breach after suspected ransomware outage

Michigan's largest federally qualified health center, Cherry Health, posted a preliminary breach notice on 18 June 2026 after suspicious network activity detected in April triggered a days-long outage and the copying of patient and staff data, including Social Security numbers.

Victim: Cherry Health

RansomwareContainedAugust 31, 2025

Jaguar Land Rover global production halt (Scattered Lapsus$ Hunters, 2025)

A cyberattack on Britain's biggest carmaker forced JLR to shut down its global IT network and halted vehicle production in the UK, China, Slovakia, India, and Brazil for five weeks — now considered the most economically damaging cyber incident in UK history.

Victim: Jaguar Land Rover
Loss: $2.40B

RansomwareUnknownJune 28, 2026

German naval defense firm Atlas Elektronik listed on TheGentlemen ransomware leak site

The fast-growing extortion group TheGentlemen added German naval-defense electronics manufacturer Atlas Elektronik to its dark-web leak site on 28 June 2026, claiming a double-extortion attack dated to around 25 June, though the TKMS subsidiary had not publicly confirmed any breach.

Victim: Atlas Elektronik (TKMS)

RansomwareContainedMay 13, 2026

Foxconn Nitrogen ransomware breach (2026)

The Nitrogen ransomware group claimed on its dark-web leak site that it had stolen over 11 million files from Foxconn's North American facilities, including confidential information belonging to customers Apple, Dell, Google, Intel, Nvidia, and Sony. Foxconn said affected factories were resuming normal production.

Victim: Foxconn (Hon Hai Precision Industry)