Cyber Incident Victim: Bajaj Auto
Date:
Jun 2026
Location:
India
Summary
Bajaj Auto disclosed a ransomware attack that affected the IT infrastructure of both the parent company and its wholly owned technology subsidiary. The intrusion was detected and the company’s internal technical team, external cybersecurity experts, and senior management responded to contain the incident, initiating precautionary actions that have so far mitigated the impact. The company has not disclosed the full scope of the disruption, including whether sensitive data was exfiltrated, manufacturing operations were affected, supply chain systems were disrupted, or business continuity was materially impacted. It notified the Indian Computer Emergency Response Team and disclosed the event under SEBI Listing Obligations and Disclosure Requirements Regulations, while no ransomware group has been attributed to the attack.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Bajaj Auto announced on June 25, 2026 that it had been hit by a ransomware attack affecting systems at both the parent company and its wholly owned technology subsidiary, Bajaj Auto Technology Ltd. The intrusion was first detected at approximately 8:00 AM IST on June 23, 2026. After detecting the intrusion, the company’s internal technical team, external cybersecurity experts, and senior management responded to contain the incident. Bajaj Auto said it initiated precautionary actions and protocols to reduce the impact. The company reported that its containment efforts have so far been successful in mitigating the impact of the attack. Bajaj Auto has not disclosed the full scope of the disruption caused by the ransomware.

The disclosure did not confirm whether sensitive data was stolen, whether manufacturing operations were affected, whether supply chain systems were disrupted, or whether business continuity suffered a material impact. In line with Indian regulatory obligations, Bajaj Auto formally notified the Indian Computer Emergency Response Team (CERT‑In) under the Information Technology Act, 2000. The incident was also disclosed under Regulation 30 of the SEBI Listing Obligations and Disclosure Requirements Regulations, 2015. As of the date of the announcement, no ransomware group or threat actor has been publicly attributed to the attack on Bajaj Auto.
