Bajaj Auto Admits Ransomware Attack at 8 AM and Exposes Indian Shortcomings in Protecting Industrial Assets

Bajaj Auto announced on Tuesday, in a regulatory filing submitted to the Bombay Stock Exchange and the National Stock Exchange of India, that it suffered a ransomware attack that began around 08:00 IST on June 23. The incident impacted systems at the parent company, headquartered in Pune, and also at its wholly-owned subsidiary Bajaj Auto Technology Limited, which focuses on engineering and digital platforms. The disclosure was made under Regulation 30 of SEBI's LODR Regulations, which requires listed companies to inform the market about material events, and the case was reported to CERT-In in accordance with the Information Technology Act, 2000.

The company stated that its internal technical team, together with external security experts and senior leadership, activated "containment protocols and preventive measures" to limit the spread of the attack, and claims that these actions "were successful" in mitigating operational impact. As of the publication of this article, Bajaj Auto had not publicly detailed which systems were encrypted, whether there was data exfiltration involving customers or suppliers, the status of production lines in Chakan, Waluj, and Pantnagar, or which cybercriminal group was responsible. No known leak site had claimed responsibility for the attack by late Tuesday afternoon in Mumbai.

Why This Target is Unsettling for the Sector

Bajaj Auto is not just any victim. The company manufactures over 4 million vehicles annually for the Indian domestic market, exports to 70 countries, and closed the fiscal year ending March 2026 with a revenue of ₹15,864 crore, approximately US$ 1.9 billion. In motorcycles, it ranks as the third largest in the world by volume, behind only Honda and Yamaha. For readers involved in corporate architecture, the immediate takeaway is OT/IT: assembly lines with PLCs and SCADA integrated into ERPs on SAP, MES panels communicating with the cloud, and the subsidiary BATL supporting embedded software in bikes and three-wheelers.

Nothing the company disclosed rules out the scenario in which production halted at any of the four plants, and the attack reached the operational layer. The silence regarding specific plants and duration of downtime mirrors the pattern observed when Jaguar Land Rover and Clorox took weeks to restore capacity following recent incidents.

The Wave Coming for Industrial Asia

The attack fits into a clear pattern for 2025-2026, where ransomware groups shifted from healthcare and public administrations to high-volume manufacturing, where the cost of downtime is measurable in hours. Honda in 2020, Norsk Hydro in 2019, JBS in 2021, and Toyota in 2022 marked the first wave. What has changed in 2026 is the pace of incidents among Indian manufacturers: the Indian IT industry has risen on the cyber defense agenda, but the country's factory floor, which employs tens of millions and supplies global lines for household appliances, automotive parts, and pharmaceuticals, remains lagging in network segmentation, privileged identity management in OT environments, and visibility over legacy assets.

The implications for Brazil are direct. Bajaj does not have a local factory but sells Pulsar and Dominar motorcycles assembled by partners, competing with Honda and Yamaha in the urban motorcycle market, a segment that saw double-digit growth in 2025 according to Fenabrave. Brazilian last-mile logistics operators and delivery app providers depend on this flow of parts to maintain fleet availability. If the attack compromised the supply chain for replacement parts or the embedded software maintained by BATL, Latin American distributors would experience delays. Meanwhile, Brazilian automakers have faced similar incidents, such as Embraer in 2020 and RNP in 2023, and the stance of Brasília through ANPD is still slower than Indian regulation, where mandatory disclosure to CERT-In within six hours compels initial transparency.

The Missing Piece

Without confirmation of a ransomware group, details of the initial vector, confirmation or denial of exfiltration, and a timeline for full recovery, Bajaj's communication meets the minimum legal obligation under SEBI and CERT-In but leaves the market guessing in the dark. Bajaj Auto Ltd had not responded to additional requests for comment by the time this article was published. For competitors operating similar stacks with connected plants, what is at stake this week is not solidarity for the victim but an urgent scan for privileged identity in supplier VPNs and the real test of detection time in OT environments.