Bajaj Auto Says Ransomware Attack Affected Company and Subsidiary Systems
6 min. read 
Published on
Bajaj Auto confirmed that a ransomware attack affected systems at the company and its wholly owned subsidiary, Bajaj Auto Technology Ltd, on Tuesday, June 23, 2026.
The Pune-based automaker said it detected the incident earlier in the day and began precautionary response measures to reduce the impact. Reuters reported that Bajaj Auto said those steps had so far been successful.
Access content across the globe at the highest speed rate.
70% of our readers choose Private Internet Access
70% of our readers choose ExpressVPN
Browse the web from multiple devices with industry-standard security protocols.
Faster dedicated servers for specific actions (currently at summer discounts)
The company has not publicly named a ransomware group, confirmed data theft, or disclosed whether manufacturing, dealer systems, customer services, or supply chain operations faced material disruption.
Bajaj Auto says response measures were activated quickly
The attack reportedly affected Bajaj Auto’s own systems as well as systems belonging to Bajaj Auto Technology Ltd, also known as BATL. BATL works as the company’s technology subsidiary, making the incident notable because automotive operations now depend heavily on connected enterprise software, engineering systems, and vendor platforms.
According to Autocar Professional, Bajaj Auto said the ransomware attack occurred at around 8:00 a.m. IST on June 23. The company’s technical teams, management, and external cyber security experts then initiated response protocols.
Bajaj Auto said the measures taken so far had helped mitigate the incident. The company did not provide technical details about the ransomware strain, the initial access method, the affected systems, or whether files were encrypted.
| Incident detail | What is known so far |
|---|---|
| Company affected | Bajaj Auto Ltd |
| Subsidiary affected | Bajaj Auto Technology Ltd |
| Incident type | Ransomware attack |
| Date detected | June 23, 2026 |
| Reported detection time | Around 8:00 a.m. IST |
| Threat actor named | No public attribution yet |
| Data theft confirmed | No public confirmation yet |
| Operational impact disclosed | No detailed public disclosure yet |
The company disclosed the incident to exchanges
Bajaj Auto made the disclosure through its investor communication process. The company maintains a dedicated stock exchange intimations page for regulatory updates and investor disclosures.
For listed companies in India, cyber incidents can become investor-relevant when they may affect operations, data, financial results, or business continuity. The SEBI Listing Obligations and Disclosure Requirements Regulations set the wider framework for disclosure of material events and information by listed entities.
The incident also comes one day before Bajaj Auto’s June 24 record date for its large share buyback, which has kept the company in focus for investors this week. The ransomware disclosure may therefore attract additional market attention until Bajaj Auto provides more clarity.
Why ransomware matters for automakers
Ransomware attacks can disrupt much more than office computers. In manufacturing, the impact may spread to enterprise resource planning systems, procurement portals, production planning, logistics, warranty systems, dealer connectivity, and employee services.
Modern automotive companies operate through large digital supply chains. Even when production lines continue running, a ransomware incident can slow back-office approvals, vendor communication, shipment planning, or internal reporting.
That risk explains why the lack of detail remains important. At this stage, Bajaj Auto has said mitigation steps were successful, but investors, customers, suppliers, and security teams will watch for updates on whether the incident affected data, operations, or recovery timelines.
CERT-In reporting is part of India’s cyber incident framework
Autocar Professional’s report said Bajaj Auto reported the incident to the Indian Computer Emergency Response Team, or CERT-In. India’s national cyber agency plays a central role in incident coordination, analysis, and cyber threat response.
The government said through a Press Information Bureau release that CERT-In issued directions in 2022 covering prevention, response, and reporting of cyber incidents under the Information Technology Act, 2000.
Those directions require covered entities to report certain cyber incidents within six hours of noticing them or being informed of them. The same CERT-In directions also cover log retention, time synchronization, and incident response cooperation.
- Ransomware can encrypt files and block access to business systems.
- Attackers may also steal data before or during encryption.
- Manufacturers face higher pressure because downtime can affect production and suppliers.
- Listed companies may need to assess investor disclosure obligations quickly.
- Incident response usually involves isolation, forensic review, recovery, and regulator notification.
No ransomware group has claimed responsibility publicly
As of the latest public reports, Bajaj Auto has not attributed the attack to any specific ransomware operation. No public information has confirmed whether the attackers used double extortion, where criminals steal data and threaten to publish it if payment is not made.
The Reuters report kept the known facts narrow, stating that the ransomware attack affected Bajaj Auto and Bajaj Auto Technology systems and that precautionary steps had so far been successful.
That limited disclosure is common during the early stages of ransomware response. Companies often avoid publishing technical details until they understand the attack path, contain the threat, preserve evidence, and confirm whether personal or business data was affected.
What Bajaj Auto may need to clarify next
The next important update will likely focus on operational impact. Stakeholders will want to know whether plants, dealers, suppliers, customer portals, or internal business systems experienced any downtime.
Investors will also look for more detail on whether the ransomware incident carries a material financial impact. The SEBI LODR framework is relevant because listed companies must evaluate events that may affect investors and disclose material information in a timely manner.
Bajaj Auto’s future updates may appear through exchange filings and its investor disclosures section. Until then, the company’s public position is that response measures were initiated promptly and have so far mitigated the incident.
The attack highlights cyber risk in Indian manufacturing
The incident underlines the growing cyber risk facing Indian manufacturers. Large industrial companies increasingly rely on connected systems for design, production, finance, supply chain management, dealer operations, and after-sales support.
Ransomware groups often target manufacturers because downtime creates urgency. If a company cannot access planning systems, shipment data, or production schedules, attackers may believe they have more leverage.
The Autocar Professional report said the incident showed the growing cyber security risk facing automakers as vehicles, factories, and supply chains become more digitally connected.
FAQ
Yes. Bajaj Auto confirmed that a ransomware attack affected systems at the company and its wholly owned subsidiary, Bajaj Auto Technology Ltd, on June 23, 2026.
No public disclosure has confirmed data theft so far. Bajaj Auto has not yet provided details on whether sensitive company, employee, supplier, dealer, or customer data was affected.
Bajaj Auto has not publicly disclosed a detailed operational impact. The company said it initiated precautionary measures and that those measures had so far been successful.
Bajaj Auto has not publicly attributed the attack to any ransomware group or threat actor. Attribution usually takes time because investigators need to analyze malware, infrastructure, logs, and attacker behavior.
Manufacturers rely on connected IT systems for production planning, logistics, procurement, finance, dealer networks, and supplier coordination. A ransomware attack can disrupt these systems and create operational pressure even if factory equipment remains physically intact.
Read our disclosure page to find out how can you help VPNCentral sustain the editorial team Read more
Improve this guide
User forum
0 messages